Quick Start

API Authentication

Our API uses JWTs according to the RFC 7519 specification for authentication. There are two options for obtaining these tokens.

Getting your API keys

Please read through the below options, and speak with your CG client solutions engineer about obtaining staging & production authentication keys or credentials.

Pregenerated long-lived JWT tokens

We can generate long-lived JWT tokens with an expiry of several years for partners, which can be stored on the partner's platform and used in perpetuity, until they need to be re-created down the track.

Login to retrieve a short-lived JWT tokens

We can provide an API key and secret/password credentials, which you can then use with a "login" endpoint, to generate a more short-lived token, lasting up to 2 weeks. Ideally, this task would be automated and scheduled to occur at a regular interval, and the latest token stored, so that the entire process requires no manual intervention on your end.

For further details of this workflow, go to the "Login to obtain a JWT" page.

API Overview

This is a JSON REST API, which aims to be compatible with the JSON:API specification.

When making API requests, please use the application/json in the Content-type header.

In terms of authentication, please use the JWT as described above. Your should use it in the Authorization header like so:

Bearer <TOKEN>

Dates & Timestamps

When parsing timestamps, ours will be output in an ISO 8601 format, so if you are parsing any timestamp, be sure your parser supports the full standard. For example, a timestamp may be 2025-02-26T09:31:27Z , 2025-02-26T09:31:27.00000Z`or 2025-02-25T21:31:27−12:00as well as others described in the ISO standard.