Skip to main content

Authentication

Every other endpoint requires an OAuth 2.0 Bearer token. Exchange your client_id and client_secret for an access token — server-side only — and reuse it until it expires.

Tips

  • Cache the token on your backend until ~1 minute before expires_in and refresh proactively. The token is a JWT, so you can also decode exp directly.
  • Never put client_secret in the frontend. The client app should call your backend, which calls VOTR.
  • One environment per credential pair. Development and Production credentials are not interchangeable.
Loading playground…