Authentication
How to authenticate protected calls to the Yep Platform REST API with Bearer Token and best practices to keep credentials safe.
Bearer Token
OAuth 2.0
Security
Authentication on protected routes
Protected routes require the Authorization: Bearer <token> header and, where a request body applies, a body in application/json.
Recommended pattern
Get the token via OAuth, store it in a secure environment and refresh it using refresh_token when needed. See the full flow in OAuth 2.0.
Required headers
Include these headers on every authenticated request to protected endpoints:
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json
Authorization (Required)
Prefix Bearer followed by the access token obtained in the OAuth flow.
Content-Type (Required)
Use application/json for most endpoints and application/x-www-form-urlencoded for /api2/oauth/token.
Best practices checklist
- Store tokens in secret vaults or secure environment variables.
- Never expose tokens in logs, prints or monitoring tools without masking.
- Refresh the token before expiration using refresh_token.
- Handle 401 responses by automatically requesting a new token.
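The checklist above as a small client wrapper. This is an added example, not code from the Yep Platform documentation. It sends the two required headers, refreshes shortly before expiry, retries once after a 401, and only ever logs a masked token. Assumptions: the send transport hook, the BearerSession and mask names, and the refresh form fields (standard OAuth 2.0 refresh grant, which the page does not list) are hypothetical; only /api2/oauth/token and the header values come from the page.

```python
import json
import time
from urllib.parse import urlencode

TOKEN_PATH = "/api2/oauth/token"  # token endpoint named on the page


def mask(token):
    """Log-safe form of a token: only the last 4 characters survive."""
    return "***" + token[-4:] if len(token) > 8 else "***"


class BearerSession:
    """Sends the required headers, refreshes early, retries once on 401.
    send(method, path, headers, body) -> (status, dict) is a hypothetical
    transport hook (assumption) so the logic runs without a network.
    """

    def __init__(self, send, access_token, refresh_token, expires_at, skew=60):
        self.send = send
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.expires_at = expires_at  # epoch seconds
        self.skew = skew              # refresh this many seconds early

    def refresh(self):
        # Assumption: standard OAuth 2.0 refresh grant fields (RFC 6749).
        form = urlencode({"grant_type": "refresh_token",
                          "refresh_token": self.refresh_token})
        status, data = self.send("POST", TOKEN_PATH, {
            "Content-Type": "application/x-www-form-urlencoded"}, form)
        if status != 200:
            raise RuntimeError("token refresh failed: HTTP %d" % status)
        self.access_token = data["access_token"]
        self.refresh_token = data.get("refresh_token", self.refresh_token)
        self.expires_at = time.time() + data["expires_in"]
        print("access token refreshed:", mask(self.access_token))

    def request(self, method, path, payload=None):
        if time.time() >= self.expires_at - self.skew:
            self.refresh()  # proactive refresh before expiration
        body = None if payload is None else json.dumps(payload)
        for attempt in range(2):
            headers = {"Authorization": "Bearer " + self.access_token,
                       "Content-Type": "application/json"}
            status, data = self.send(method, path, headers, body)
            if status != 401 or attempt == 1:
                return status, data
            self.refresh()  # reactive refresh, then exactly one retry
```

The single retry is deliberate: a second 401 after a fresh token is returned to the caller instead of looping against the token endpoint.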