Syncplicity Support

Search our knowledgebase to get the help you need, today


Authentication Flows

Syncplicity follows OAuth 2.0 standards for authentication.

Syncplicity offers two types of Authentication for the REST APIs. 

Authorization Code Grant

Requires a user to login to Syncplicity and grant your application permission to access files and folders.

This grant is useful for applications that interact with user and would like to use Syncplicity storage in their workflows.

This grant works for End-User Applications with an user interface, where user can enter their username and password (either on Syncplicity provided or SSO provider's UI form)

Client Credentials Grant

Used for Server Application integrations without requiring users to login.

This grant type enables an application to connect directly to Syncplicity and obtain authorization to access files and folders.

This machine-to-machine authentication uses an Application Token (which can be provisioned for Syncplicity users) that can be used to authenticate against the APIs.

Authorization Code Grant Flow Diagram


Details steps for Authentication:

For Authorization code grant flow, the following steps need to be taken to retrieve the Bearer Access Token.

1. Login to Developer Portal ( and create a new App.

  • Click on Create App button.
  • Fill the form and click Save.
  • This will generate a new App Key, App Secret.
  • Set the Redirect URI as
  • Set the Default Scope to Read/Write.
  • Click Save.

2. Enter the following URL in a browser and pass App Key, to obtain the Authorization Code.<YOUR_APP_KEY_HERE>

3.The above request redirects to the following URL with embedded Authorization Code.<AUTHORIZATION_CODE>&scope=

4. Pass the App Key/Secret (base64 encoded) and the Authorization Code to the following URL.

Example CURL:

POST /oauth/token HTTP/1.1
Authorization: Basic <BASE64_APPKEY:SECRET>
Content-Type: application/x-www-form-urlencoded


That's it! This should give you the Bearer Token that you can use in all the subsequent API requests.

Note: Please note that the Authorization Code is a short lived token (valid for 30 seconds only). Make sure to use the token to immediately call the oauth/token URL to obtain the Bearer Access Token. Bearer Tokens are valid for 85 minutes.

For Client Credentials grant flow,

Make a POST request to with the following:

  • Header = 'Authorization: Basic <BASE64_APPKEY_SECRET>'
  • Header = 'Sync-App-Token: <APPLICATION_TOKEN>'
  • Data = 'grant_type=client_credentials'




Powered by Zendesk