Authentication API

This section describes the method to obtain your authorization token. To get your access token, a account on the LCLXchange is required. Visit Register to create an account.

Once your account is created you can use your credentials to log into to the service. A successful authentication will return your account details and an access_token. The access_token if your identification on the services. Additionally, the expires_on is the amount of time in seconds before the token must be re-authenticated.

Note: The sample requests contained in this document are for reference only. You will not be able to run the examples as is. Please construct your requests based on your authorization token and data requests with your own data values.

Generating the Request

As an example, the following request will return the access_token, expires_on, and user details.

				// Example Request
curl -X POST '' -H 'Content-Type: application/json' -d '{ "email" : "<email_address>", "password" : "<password>" }'

On a successful authentication the result will look something like:

				//Example Result
"user": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGiJIUzI1NiJ9.eyJpc3MiOiJMQ0xYY2hhbmdlIiwiYXVkIjoR0cHM6XC9cL3d3dy5sY2x4Y2hhbmdlLmNvbsImlhdCI6MTM1Njk5OTUyNCwibmJmIjoxMzU3MDAwMDAwLCJkYXRhIjp7ImlkIjoiMyIsImZpcnN0bmFtZSI6IkpvbiIsImxhc3RuYW1lIjoiQ2FyaXRhbiIsImVtYWlsIjoibmVpbC50YWxib3RAbGNseGNoYW5nZS5jb20ifX0.DKCxfJfRixbvknT86641ZiOhN4Yx9ZUXSa7aX1vcGo8",
"expires_on" : 86400,
"firstname": "John",
"middlename": "",
"lastname": "Doe",
"email": "",
"title": "President",
"enabled": "TRUE",
"lastlogin": "2018-12-11 07:41:03",
"imageUrl": "",
"company": {
"name": "Shipping & Freight",
"address1": "Suite 111",
"city": "New York City",
"state": "NY",
"postal": "11355",
"country": "UNITED STATES",
"phone": "+55 (55) 2341-1234",
"otilicense": "003920"

An error or invalid credentials will return:

    "message": "Invalid Username or Password."

To determine when an access token expires, either store this value in your code or handle the HTTP 401 Access Denied status code. when an access token expires, write code to either:

  • Keep track of the expires_in value in the token response. The value is expressed in seconds.
  • Handle the HTTP 401 Unauthorized status code.

Note: Reuse the same access token until it expires.


This section provides information about what is required to generate the login API Request. These fields populate the JSON request.

Component Description

The user's email address.


The user's password.

The URL of the API Services

Query Parameters


HTTP Request Body

A JSON formatted POST request.