Data and Software APIs

Expand all | Collapse all

Using OAuth to access Locate APIs

  • 1.  Using OAuth to access Locate APIs

    Posted 04-18-2019 10:01

    Locate APIs use OAuth 2.0 protocol to authenticate and authorize the API request using an OAuth token.

    Follow the below steps to generate token and access Locate APIs.

    Step 1) Getting API Key and Secret

    Register or Log-in to your PB Developer's account from Get your API Key and Secret from API Keys page in your Dashboard from

    Step 2) Generating OAuth Access Token

    Generate a base64 value of your credentials (API Key and Secret) in following format, as shown below:

    {base64Value} = base64encode(APIKey:secret)

    Make a POST request using the base64value to generate the access token, as shown below:


    Request body:

    Request Headers:
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic {base64Value}

    The Response from above POST request contains OAuth access token, as shown below:

    {"access_token":"{your access token}" .............}

    Step 3) Accessing API using OAuth Token

    Make a request to Locate APIs using the OAuth token in authorization header.

    For example, to call the GeoSearch Locate API, use the following URL and header in the request: Authorization: Bearer {access_token}

    Step 4) Refreshing Access Token

    Access token have limited lifetime. If the token expires, use Step 2 to generate a new token.

    If the error code in Locate API response is PB-APIM-ERR-1003 or PB-APIM-ERR-1002, it means token has expired and needs to be regenerated.

    Accessing GeoMap API doesn't require an OAuth Token. It can be accessed using only the API Key.

    Neha Gupta
    Pitney Bowes Software India PVT. Ltd

  • 2.  RE: Using OAuth to access Locate APIs

    Posted 04-25-2019 05:16
    Thanks Neha for the detailed post.

    Just to add, following would be the curl request to generate/refresh OAuth Access token -

    curl -X POST -H "Authorization: Basic {base64Value}" -H "Content-Type: application/x-www-form-urlencoded" -d grant_type=client_credentials

    where {base64Value} needs to be replaced by the actual base 64 encoded value of APIKey:Secret

    Priyanshu Dubey
    Pitney Bowes Software India

  • 3.  RE: Using OAuth to access Locate APIs

    Posted 06-04-2019 17:22
    Another thing to add is that the token is expired in 10 hours. The expiresIn field in the response indicate the expiry in seconds.

    "access_token": "{YOUR ACCESS TOKEN}",
    "tokenType": "BearerToken",
    "issuedAt": "1429188455329",
    "expiresIn": "35999",
    "clientID": "{YOUR API KEY}",
    "org": ""


    Kapil Dhawan
    Knowledge Community Shared Account
    Shelton CT