First Orion API Authentication

The Branded Communication API is built using a separate, in-house authentication service.

The basic pattern is:

1. Acquire an Authorization token using the API Key and Secret Key
2. Add the JSON Web Token (JWT) to each Exchange API request as an Authorization header

The token will be valid for 60 minutes. sing the refresh token provided in the initial authentication API request response
The token is valid for 60 minutes, after which a new token must be acquired using a refresh_token which is provided when the initial Authorization token is issued.

It is highly recommended that a client application builds logic on the authentication and re-authentication flows that allow retries in case the first attempt to renew the Authorization token fails. This can easily be achieved by attempting to refresh the Authorization token 10 minutes before it is set to expire and retry once every minute until it is successfully renewed. The renewal is expected to be successful on the first attempt - the retry logic is only to have sufficient resiliency against exceptions.

To generate API creds, register your post-paid business in the First Orion Customer Portal.