Get access token

Use your Sigma client ID and secret with this endpoint to generate an access token valid for one hour, or to refresh your token. You can then use the access token to authenticate requests made to the Sigma API.

Authentication: Get Access Token
Open Recipe

To make any API call with the Sigma API, including to try API calls in the API documentation, you must have a valid bearer token.

You can generate a token using this API endpoint, or you can use the Try It! option on this page. If you use the Try It! option, the token is automatically applied for any other API calls you make from the API reference documentation pages during your browser session.


The API token is valid for 1 hour. When the token expires, an endpoint response returns an unauthorized error.

Usage notes

  • Send your client ID as the username in the API request header.
  • Send your client secret as the password in the API request header.
  • Set the grant_type parameter to client_credentials in the data sent with your request.
  • Set the URL that corresponds to the cloud where your Sigma environment is hosted. See Get started with the Sigma REST API.

Refresh an access token

The response includes a refresh token you can use to refresh your access token after it expires:

  • Set the grant_type to refresh_token.
  • Send a refresh_token parameter with the value of the refresh token provided when you got the access token.

For example:

curl --location --request POST '{endpoint-url}'  
--header 'Content-Type: application/x-www-form-urlencoded'  
--data-urlencode 'grant_type=refresh_token'  
--data-urlencode 'refresh_token={refresh_token}'  
--data-urlencode 'client_id={client_id}'  
--data-urlencode 'client_secret={api_token}'
Click Try It! to start a request and see the response here!