Authentication

Before you can access the PredictHQ API and all its magic, you need to prove you are who you say you are. The PredictHQ API uses the OAuth 2.0 standard for authentication.

After you sign up to the API and create an application via the Developer Console, all you need to do is to request an Access Token that will grant your application access to the various tools and resources available via the PredictHQ API.

All requests to the OAuth 2.0 endpoint must be given your credentials in the form of a basic authentication. To comply with the HTTP requirements, your Client ID and Secret should be encoded in base 64.

This can easily be done via this command line:

echo "$CLIENT_ID:$CLIENT_SECRET" | base64

then by adding a header to your HTTP requests:

Authentication: Basic base64($CLIENT_ID:$CLIENT_SECRET)

Requesting an Access Token

When requesting an Access Token, use the client_credentials grant type, then request the scope or scopes you wish to have access to. These scopes can be any or all of the following, separated by a space:

Scope Description
account Grants access to the account endpoint.
events Grants access to the events endpoint.
places Grants access to the places endpoint.
signals Grants access to the signals endpoint.

Access Token Lifetime

Please note that Access Tokens requested via the client_credentials grant type never expire.


Revoking an Access Token

Access Tokens never expire so once you have it, it's yours for the life of your PredictHQ API subscription. However, if you think your token may have been compromised, you have the power to revoke it at any time.


Accessing Protected Resources

Before you can harness the full power of PredictHQ's event intelligence, you need to authenticate your requests using your Access Token.

Once again, to make it easy for you, PredictHQ follows the standard as outlined in the OAuth 2.0 Bearer Token reference.