Personal Access Token
Some developers will be issued, along with their key, a non-expiring OAuth 2 access token that may be used to access the Spark® API directly. All requests using the token must be made using HTTPS.
Never provide your
client_secret to a web browser or other end-user agent. Instead, maintain a separate session and persist this data in a location accessible only by your application (e.g. do not store the
access_token in a cookie).
Contact firstname.lastname@example.org for further guidance.
To request data from the api you will need to provide two headers. The
Authorization header and the
Accept header. You will typically want an
Accept header of
application/json but, if you are accessing the metadata document of the RESO metadata document you will need to use
application/xml. For the
Authorization header you will use
Bearer <your_access_token>. Our Spark Endpoints require a
X-SparkApi-User-Agent header, so you must also provide that when accessing those endpoints.
Authorization: Bearer <your_access_token> Accept: application/json X-SparkApi-User-Agent: MyApplication