360X
API Reference
RESTWebsocketsFIXSupportStatusWebsite
API Reference
RESTWebsocketsFIXSupportStatusWebsite
  1. API Reference
  • Get started
  • Introduction
  • Systems & Operations
  • Authentication
  • Errors
  • Standards
  • Rate Limits
  • Breaking changes
API Reference
RESTWebsocketsFIXSupportStatusWebsite
API Reference
RESTWebsocketsFIXSupportStatusWebsite
  1. API Reference

Authentication

You must generate an access token for each environment before you can use the 360X API. To do this, you must provide your client_id and client_secret to the OAuth2 endpoint described below. The API will return the token in the access_token property of the response. The response will have a Content-Type of application/json.
Once you have your token, you must include it in every API request in the header. Use the following format:
Authorization: Bearer {your_access_token}
Access tokens expire after 60 minutes. If you submit an invalid or expired token in an API request, or forget to include the token in the header, then the API will respond with a 401 Unauthorized error. In this case, your solution must call the OAuth2 endpoint to generate a new one.
For security purposes, it is strictly prohibited to use the access token in the request URL of an API call.

OAuth2#

For the OAuth2 flow, you must pass your credentials as a colon-separated, Base64-encoded string: client_id:client_secret. Supply the Base64-encoded string in the Authorization header using the following format: Authorization: Basic {base64-encoded-string}.
Your request must have a Content-Type of application/x-www-form-urlencoded and include the following URL-encoded data:
grant_type=client_credentials
Request URL:
Sandbox
Production
Example request:
Sandbox
Production
POST https://sandbox.360x.com/auth/realms/360x-platform/protocol/openid-connect/token
Authorization: Basic YzBjYzY5NmRlZTRhNGY4NWFjZDcwZjgyYzM5OTQ3YWM6bHBnbUQ4aXZ1ZlloUkxvVzRPNjlyaHJweFhvWGJoQjM=
Content-Type: application/x-www-form-urlencoded
Host: sandbox.360x.com
data-urlencode 'grant_type=client_credentials'
Example response:
Sandbox
Production
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBV0oteS1fQ1dCdTJnUm9JeVJScnN0ZFJDUGtwYjV5Tzg0b3VyV0FqcDZFIn0.eyJleHAiOjE3MzE1OTU4NjksImlhdCI6MTczMTU5NTU2OSwianRpIjoiMTE0MGI1YjYtYzk5Mi00MTNlLWEzYzctYmE0Y2UyNDYyNWMxIiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3QvYXV0aC9yZWFsbXMvMzYweC1wbGF0Zm9ybSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiJhNWQ2MWIzZi1hZTU5LTQyMDAtOGY0OS0yNzEyZDg1NWEyZTAiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJjMGNjNjk2ZGVlNGE0Zjg1YWNkNzBmODJjMzk5NDdhYyIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJkZWZhdWx0LXJvbGVzLTM2MHgtcGxhdGZvcm0iLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgb3BlbmlkIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudEhvc3QiOiIxNzIuMTguMC4xIiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2VydmljZS1hY2NvdW50LWMwY2M2OTZkZWU0YTRmODVhY2Q3MGY4MmMzOTk0N2FjIiwiY2xpZW50QWRkcmVzcyI6IjE3Mi4xOC4wLjEiLCJjbGllbnRfaWQiOiJjMGNjNjk2ZGVlNGE0Zjg1YWNkNzBmODJjMzk5NDdhYyJ9.QO5jLQfIUVUp4-26td8AGhKtJPWr5ZEB-7mgESdmPGFeiFh0GsOD-mI1XoYEBtUx_8ln9eDKgsrg11McY96Ur2O4NchwbpFO24WekAmRs-QrEwPeboKqddiNT3fXt-dhVwr-OLnigjgFbn13MFouJQo4GoUMjS5yZdbbBke9EvUWODdTL-n7YpOGQcRyONEN-bb4H2KkXLMoRwAy3fGlCgOvEIDcZxtqvBqXuAVgQEnjqlHu_PicOJazSxc0BXqVvsxKmgO-EMBWxJeR1dOLuQajI-AiVdEmzjle7bWI3pplIO9cDItkLqxmClHfgKZoQdQj4Q98OmTKQHZ1vXr1fA",
"expires_in": 3599,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "email openid profile"
}
Modified at 2025-06-02 07:11:04
Previous
Systems & Operations
Next
Errors