Authentication Guide

Getting started with authentication is a 3-step process:

  1. Set up a landing page.
  2. Acquire credentials from CRO.
  3. Verify credentials work.

The CRO API uses OAuth 2.0. It supports Authorization Code and Refresh Token grants and the Authorization Code and PKCE flows.

At this time the Client Credentials grant (use of passwords) is not supported and will not be supported in the future.

Landing Page

The landing page is just a URL that your users will be redirected to after successful authentication. You must provide this URL to CRO prior to getting your credentials because this URL is used to provision your account.

Acquire Credentials from CRO

Once you have a landing URL, contact our development team at to have your credentials issued.

Verify Credentials Work

With your account provisioned, now you're ready to make everything work. The easiest way to get started is to use an app like Postman. Postman has built in support for OAuth testing, but any HTTP client tool should work.

Request Access Token

Assuming you're using Postman, create a new request and click on the "Authentication" tab.

Step 1: click on "Authorization" tab.

Then click on "Request New Access Token".

Step 2: click on "Request New Access Token".

Now fill out the dialog with the credentials and URLs given to you by the CRO development team. The "State" field must be at least 8 characters and may be whatever text you choose.

Step 3: Fill out request dialog.

Click "Request Token" and you will be redirected to a login page.

Login page

Upon successful login, you will be presented with your new access token.

New access token

This token may now be used for accessing the CRO API. Include it as an Authorization bearer header with requests requiring it (most).


Congrats! Now you've got access to the CRO API. If you are still struggling with these steps, reach out to us