🔐 Authentication

SuiteFleet uses OAuth 2.0 for API authentication. All system-to-system integrations must authenticate with Client Credentials passed as request headers. Username and password authentication is reserved for the Web Portal and must not be used for API integrations. Two-factor authentication (2FA) will be enforced for all user access.

Your clientId, clientApiKey, and clientSecretKey are provided by SuiteFleet during integration onboarding. Store them securely and never expose them in client-side code or URLs.

1. Authenticate

Obtain an access token and a refresh token.

POST /api/auth/authenticate

Headers

Header           Required  Description
clientId         Yes       Your tenant identifier
clientApiKey     Yes       Your client API key
clientSecretKey  Yes       Your client secret key
Content-Type     Yes       Must be application/x-www-form-urlencoded

Example Request

curl -X POST 'https://api.suitefleet.com/api/auth/authenticate' \
  -H 'clientId: <tenant-identifier>' \
  -H 'clientApiKey: <your-client-api-key>' \
  -H 'clientSecretKey: <your-client-secret-key>' \
  -H 'Content-Type: application/x-www-form-urlencoded'

Successful Response — 200 OK

{
  "accessToken": "eyJhbGciOi...",
  "refreshToken": "eyJhbGciOi...",
  "accessTokenExpiration": "2026-06-18T14:30:45.123",
  "refreshTokenExpiration": "2026-11-15T14:30:45.123",
  "email": "[email protected]",
  "name": "Integration User",
  "userId": 123,
  "type": "bearer"
}

Token Validity

Token         Validity
accessToken   30 days
refreshToken  180 days

Store both tokens securely. Use the accessToken for all subsequent API requests and the refreshToken to obtain a new access token when it expires.

2. Refresh Access Token

When the access token expires, use the refresh token to obtain a new one without re-authenticating.

GET /api/auth/refresh

Headers

Header        Required  Description
clientId      Yes       Your tenant identifier
refreshToken  Yes       The refresh token from your last authenticate response

Example Request

curl -X GET 'https://api.suitefleet.com/api/auth/refresh' \
  -H 'clientId: <tenant-identifier>' \
  -H 'refreshToken: <refresh-token-from-previous-response>'

The response mirrors the authenticate response and includes a new accessToken with updated expiration timestamps.

3. Calling the API

Include the clientId and the Authorization header on every request:

curl -X GET 'https://api.suitefleet.com/api/<resource>' \
  -H 'clientId: <tenant-identifier>' \
  -H 'Authorization: Bearer <accessToken>'
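A small client that ties the three steps together, added here as an example rather than SuiteFleet's own SDK: it caches the token envelope, refreshes shortly before accessTokenExpiration, and falls back to a full re-authentication once the refresh token itself is close to expiry. The send and now parameters are hypothetical injection points so the flow can be exercised offline; the default transport uses urllib against the endpoints shown above.

```python
from datetime import datetime, timedelta
import json, urllib.request

BASE_URL = "https://api.suitefleet.com"
EXPIRY_FMT = "%Y-%m-%dT%H:%M:%S.%f"   # matches "2026-06-18T14:30:45.123" (no timezone)
REFRESH_SKEW = timedelta(minutes=5)   # renew before the stated expiry, not at it

def http_send(method, url, headers):
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return resp.status, json.loads(resp.read().decode())

class SuiteFleetClient:
    def __init__(self, client_id, api_key, secret_key, send=http_send, now=datetime.now):
        self._client_id, self._api_key, self._secret = client_id, api_key, secret_key
        self._send, self._now = send, now
        self._access = self._refresh = self._access_exp = self._refresh_exp = None

    def _auth_call(self, method, path, headers):
        # Both auth endpoints return the same token envelope; cache it on success.
        status, body = self._send(method, BASE_URL + path, headers)
        if status != 200:
            raise RuntimeError(f"{path} failed with HTTP {status}")  # never echo headers
        self._access, self._refresh = body["accessToken"], body["refreshToken"]
        self._access_exp = datetime.strptime(body["accessTokenExpiration"], EXPIRY_FMT)
        self._refresh_exp = datetime.strptime(body["refreshTokenExpiration"], EXPIRY_FMT)

    def authenticate(self):
        # Step 1: credentials travel only as headers, never in the URL or a form body.
        self._auth_call("POST", "/api/auth/authenticate", {
            "clientId": self._client_id, "clientApiKey": self._api_key,
            "clientSecretKey": self._secret, "Content-Type": "application/x-www-form-urlencoded"})

    def refresh(self):
        # Step 2: only clientId and the refresh token leave the process; the secret stays at rest.
        self._auth_call("GET", "/api/auth/refresh",
                        {"clientId": self._client_id, "refreshToken": self._refresh})

    def access_token(self):
        # Cheapest valid path: cached token, then refresh, then full re-authentication.
        now = self._now()
        if self._refresh is None or now >= self._refresh_exp - REFRESH_SKEW:
            self.authenticate()
        elif now >= self._access_exp - REFRESH_SKEW:
            self.refresh()
        return self._access

    def auth_headers(self):
        # Step 3: every API call carries clientId plus the bearer token.
        return {"clientId": self._client_id, "Authorization": f"Bearer {self.access_token()}"}
```

Pass auth_headers() to whatever HTTP library you use for the resource calls; a 401 on such a call means the cached token was rejected and the client should be asked for a fresh one.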

Error Reference

Status                 Meaning
401 Unauthorized       Invalid or missing credentials / expired token
403 Forbidden          Valid token but insufficient permissions for the resource
429 Too Many Requests  Rate limit exceeded — back off and retry