The MC10 API uses basic access authentication to authorize HTTP requests.

Every request for data must contain a header in the form Authorization: Basic <credentials>, where credentials is the base64 encoding of a registered user's ID and access token joined by a single colon.

Obtaining an access token

Use curl or another HTTP user agent to log into the MC10 API and obtain an access token. Here, the user logs in with the password ex@mple!:

curl -X POST "" --header "Content-Type: text/json" -d '{"email":"","password":"ex@mple!","accountType":"BRC2"}'

The API responds with a user object containing an access token and expiration timestamp:

"accessToken": "JSFn/hfHjbtW2mZQ",
"expiration": 1557848997063,
"user": {
"accountId": "5d3b5950-1b00-11e7-8464-0a624d7022db",
"createdTs": 1440000000000,
"email": "",
"firstName": "John",
"id": "b7c07724-4462-11e9-a70f-0637976ce150",
"isDisabled": false,
"lastName": "Doe",
"legaleseVersionAccepted": 1,
"legaleseVersionRequired": 1,
"locale": "en_us",
"timezone": "US/Eastern"

Using the access token

After logging in, the same user can request data using the provided id and accessToken:

curl --user b7c07724-4462-11e9-a70f-0637976ce150:JSFn/hfHjbtW2mZQ -X GET ""

Above, curl creates the necessary Authorization header from the credentials b7c07724-4462-11e9-a70f-0637976ce150 and JSFn/hfHjbtW2mZQ.

Invalidating the access token

Access tokens are valid for two weeks or until invalidated by "logging out":

curl --user b7c07724-4462-11e9-a70f-0637976ce150:JSFn/hfHjbtW2mZQ ""

POST and PUT requests

When creating or updating data, you must specify "application/json" as the content type. The following example shows how to create a subject using curl:

curl --user b7c07724-4462-11e9-a70f-0637976ce150:JSFn/hfHjbtW2mZQ -X POST "" -H "Content-Type: application/json" -d '{ "displayName": "S-001", "age": 44, "gender": "MALE" }'