Authorization Flow
Get your server authorized to contact Nutrition Advisor AI
Best Practices
Your API key should never be visible to customers. The backend service that you are enhancing with the advisor should be the only server that ever requests a token.
Keep your API Key Safe
It is your responsibility to keep your API key safe.
If you make this request from the client side, users will be able to see your API key in the headers and abuse it.
Auth Route
Obtain Nutrition Advisor Bearer Token
Using your license key, retrieve a token you can use from your backend to call the Nutrition Advisor API. You must include the customerId returned here in your header, as per the auth documentation.
The API or license key you were provided in your product dashboard
OK
Requesting the Token
In order to obtain your token for the API, you will need to send a request with your API key to our token service.
For example:
https://api.passiolife.com/v2/token-cache/nutrition-advisor/oauth/token/1i5eXnFpiRfiBGgLibonnBg10Ct14nALTAK5Jb6B4V4o
The key values to note in the response are the access_token, customer_id, and expires_in fields.
Implement Refreshing
The token you receive from our service comes with an expiry value. This is the number of seconds until the token expires, counted from the time you obtained it.
Tokens can refresh before the expiration for various reasons, so token-reloads on 403 responses should be handled in your API if necessary.
Recommended Implementation:
Put your license key into your application's env using injection, and ideally a secret manager
Create a wrapper, or preflight check when sending requests to Nutrition Advisor such that:
If there is no current token, obtain one as documented below
Anytime you collect a token, note the time it was gathered. The sum of the timestamp of receiving the response and the expires_in duration is when your token will expire.
Send new requests to refresh the token as needed
Apply the required headers as noted below
Required Headers
All incoming requests require that you have your Passio identifier in the request headers. Your customer id is returned with the token request once your API key has been validated, and can be pulled from the response to apply to your headers.
This is used to track usage and identify leaks. Any requests coming in with no identifier, or an invalid identifier will be rejected.
Authorization Header: you must provide your access_token in an authorization header with the prefix Bearer, for example: {"Authorization": "Bearer <access_token here>"}
Passio Identification Header: you must provide your passio customer_id (either as returned with the token or as seen on your product dashboard) in a Passio-ID header
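The wrapper described under Recommended Implementation, together with the two required headers, as an added example (not Passio's own code). It assumes an environment variable named PASSIO_LICENSE_KEY and that the token route accepts POST, neither of which is stated on this page; AdvisorAuth, fetch_token and the 30-second margin are illustrative names and values.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://api.passiolife.com/v2/token-cache/nutrition-advisor/oauth/token/"

def fetch_token():
    """Request a token from the token service. Call this from the backend only."""
    key = os.environ["PASSIO_LICENSE_KEY"]  # assumed variable name, injected from a secret manager
    # Assumption: the HTTP method is not stated on this page; POST is used here.
    req = urllib.request.Request(TOKEN_URL + key, method="POST")
    # The key is part of the URL, so never write the request URL to logs or error reports.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class AdvisorAuth:
    """Caches the token and builds the two required headers for each request."""

    def __init__(self, fetch=fetch_token, clock=time.time, margin=30):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token = self._customer_id = None
        self._expires_at = 0.0

    def _refresh(self):
        data = self._fetch()
        received = self._clock()  # time the response was received
        self._token = data["access_token"]
        self._customer_id = data["customer_id"]
        self._expires_at = received + float(data["expires_in"])

    def headers(self):
        # Preflight check: no token yet, or within `margin` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            self._refresh()
        return {"Authorization": f"Bearer {self._token}", "Passio-ID": self._customer_id}

    def call(self, send):
        """send(headers) -> (status, body). Reloads the token once on a 403."""
        status, body = send(self.headers())
        if status == 403:
            self._token = None  # token was refreshed server-side before expiry; drop it
            status, body = send(self.headers())
        return status, body
```

Pass your own HTTP function as send so that every call to Nutrition Advisor goes through the same token check and a 403 triggers exactly one reload.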
Continue to API Request Setup to see code examples on making requests to Nutrition Advisor