The following documentation will help you understand and integrate with diio’s public API.

Headers

• Authorization: (see authorization section)
• Content-Type: application/json

Base URL

https://{your-company-subdomain}.diio.com/api/external

Authorization

Authorization is done by adding a Bearer token to your headers, as follows:

• Authorization: Bearer <access_token>

JWT tokens are signed by diio, and have an expiration time of 1 hour, after that, you must refresh the token using the following endpoint.

Refresh Token

In order to refresh the access_token, you must send a request to the following endpoint. In case that your access_token, is expired or invalid, the API will return a 401 response.

**POST** /refresh_token

Refreshes and return a new access_token

Parameters

• client_id
• client_secret
• refresh_token