Overview
This article explains how to authenticate with the Onefile API using an API Token and obtain an X-TokenID to authenticate all further API requests. The X-TokenID acts as your temporary session key and expires after 24 hours.
Base URLs
- Beta Server: https://wsapibeta.onefile.co.uk/api/v2.1
- Practice Server: https://wsapi2.onefile.co.uk/api/v2.1
- Live Server: https://wsapi.onefile.co.uk/api/v2.1
Prerequisite
Before you can authenticate, you must submit a support ticket requesting an API Token. Once you have received your token, you can begin authentication.
Steps
Firstly, submit a ticket to request an API Token. Once you've got a token:
- Call the POST /api/v2.1/Authentication endpoint
- Pass the X-CustomerToken in the header
- The Session will be returned in the body of the response
- Pass the Session as the X-TokenID in the header, to authenticate all other calls
Any calls without a valid X-TokenID header will fail authentication.
X-TokenID Expiry
The X-TokenID expires 24 hours after being generated. When it expires, you must submit a new authentication request using:POST /api/v2.1/Authentication
This will generate a new Session token to continue making authenticated requests.
Tips & Notes
- Your API Token does not expire unless regenerated by Onefile Support.
- Your Session Token always expires after 24 hours.
- Ensure you store your X-TokenID securely — never embed it in client-side code.
Terminology
Please note that terminology used in this article may differ depending on your Centre.
Related Articles
Need Help?
If you need assistance or require an API Token, please contact Onefile Support or your internal technical team.