Authentication

InsCipher's API supports two methods of authentication: API Key and OAuth 2.0. Both can be utilized independently or simultaneously depending upon your security requirements and integration needs.

API Endpoint

The base URL for making requests with the InsCipher API is:

❗Please be advised that requests not made over HTTPS will fail.

API Key Authentication

Once you have obtained your API key from your dedicated InsCipher implementation lead, include it in the header of your request according to the specific API schema. For security reasons, we strongly recommend against adding the API key to the URL. If you need a new API key, it can be reset by InsCipher support or by users within your agency designated as Filing Agency Admins.

Example of using API key in request header:

GET /api/v1/get-transaction-status
apiKey: your_api_key_here

OAuth 2.0 Authentication

OAuth 2.0 provides a more secure and flexible authentication method. To utilize it, you must have API access enabled for your agency. Follow these steps to authenticate using OAuth 2.0:

  1. Obtain access token
    Send a POST request to https://surpluslines.inscipher.com/api/oauth2/token with your credentials. The response will include an access_token, refresh_token and expires_in value. The access token is usually valid for 3600 seconds.
POST /api/oauth2/token
Content-Type: application/json

{
  "grant_type": "password",
  "username": "your_username",
  "password": "your_password"
}
  2. Use access token
    Include the access token within the Authorization header of your API requests. Replace your_access_token below with the token from Step 1.
GET /api/v1/get-transaction-status
Authorization: Bearer your_access_token
  3. Refresh token
    When your access token expires, use the refresh token to obtain a new one. Refresh tokens are valid for 1 month. After the refresh token expires, obtain a new access token using your username and password.
POST /api/oauth2/token
Content-Type: application/json

{
  "grant_type": "refresh_token",
  "refresh_token": "your_refresh_token"
}
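
The token lifecycle from the three steps above, as an added example that is not InsCipher's own code: it caches the access token, renews it with the refresh token, and falls back to the password grant once the refresh token has expired or is rejected. The post transport hook, the 60-second renewal margin and reading "1 month" as 30 days are assumptions of this example.

```python
import time

TOKEN_URL = "https://surpluslines.inscipher.com/api/oauth2/token"  # from the page
REFRESH_LIFETIME = 30 * 24 * 3600  # page says "1 month"; 30 days is an assumption
SKEW = 60  # assumption: renew this many seconds before the stated expiry


class TokenManager:
    """Caches the access token and renews it as described in steps 1 to 3."""

    def __init__(self, username, password, post, clock=time.time):
        # post(url, json_body) -> dict is a hypothetical transport hook, e.g. a
        # wrapper around an HTTPS client that verifies the server certificate.
        self._creds = {"username": username, "password": password}
        self._post, self._clock = post, clock
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _grant(self, body):
        now = self._clock()
        resp = self._post(TOKEN_URL, body)  # secrets travel in the body, never the URL
        self._access = resp["access_token"]
        self._access_exp = now + int(resp["expires_in"]) - SKEW
        # Assumption: if a response omits refresh_token, the old one stays in use.
        if resp.get("refresh_token"):
            self._refresh = resp["refresh_token"]
            self._refresh_exp = now + REFRESH_LIFETIME - SKEW

    def auth_header(self):
        """Return the Authorization header, renewing the token when needed."""
        now = self._clock()
        if self._access is None or now >= self._access_exp:
            if self._refresh and now < self._refresh_exp:
                try:
                    self._grant({"grant_type": "refresh_token",
                                 "refresh_token": self._refresh})
                except Exception:
                    self._refresh = None  # rejected: use the password grant below
            if self._access is None or now >= self._access_exp:
                self._grant({"grant_type": "password", **self._creds})
        return {"Authorization": f"Bearer {self._access}"}

    def __repr__(self):  # keep credentials and tokens out of logs and tracebacks
        return "TokenManager(<redacted>)"
```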

If you have any further questions on API authentication methods, feel free to reach out to our technical team.