Authorization
How to obtain access tokens for your endpoint requests
All endpoint requests require an access token.
To obtain an access token, you must follow the instructions detailed in this page.
Obtain your client credentials
- Send an email to [email protected] or submit a request form requesting your client credentials.
- The support team will then send your client ID and client secret to you through a secure channel. Remember to keep your credentials in a safe place.
Generate access token
Use the following endpoint to generate an access token:
Method & URL
POST https://auth.usertesting.com/oauth2/default/v1/token
Header
| Header | Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |
Request body
data-urlenconde
| Key | Value |
|---|---|
| client_id | CLIENT_ID |
| client_secret | CLIENT_SECRET |
| grant_type | client_credentials |
| scope | public_api.read |
Request examples
curl --location 'https://auth.usertesting.com/oauth2/default/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=public_api.read'// app.js or routes/auth.js
import express from 'express';
const app = express();
// GET /token -> fetch OAuth token from UserTesting
app.get('/token', async (req, res) => {
try {
const params = new URLSearchParams();
params.append('client_id', process.env.CLIENT_ID);
params.append('client_secret', process.env.CLIENT_SECRET);
params.append('grant_type', 'client_credentials');
params.append('scope', 'public_api.read');
const response = await fetch(
'https://auth.usertesting.com/oauth2/default/v1/token',
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: params.toString(),
}
);
if (!response.ok) {
const errorBody = await response.text();
console.error('Token request failed:', response.status, errorBody);
return res
.status(response.status)
.json({ error: 'Failed to fetch token', details: errorBody });
}
const tokenJson = await response.json();
// Example response: { access_token, token_type, expires_in, scope }
return res.json(tokenJson);
} catch (err) {
console.error('Unexpected error requesting token:', err);
return res.status(500).json({ error: 'Internal server error' });
}
});
// Basic server bootstrap
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`Auth proxy listening on port ${PORT}`);
});// token.ts
import 'dotenv/config';
export async function getAccessToken() {
const url = 'https://auth.usertesting.com/oauth2/default/v1/token';
const params = new URLSearchParams();
params.append('client_id', process.env.CLIENT_ID ?? '');
params.append('client_secret', process.env.CLIENT_SECRET ?? '');
params.append('grant_type', 'client_credentials');
params.append('scope', 'public_api.read');
const response = await fetch(url, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: params.toString(),
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(`Token request failed: ${response.status} — ${errorText}`);
}
return response.json() as Promise<{
access_token: string;
token_type: string;
expires_in: number;
scope: string;
}>;
}
// Example usage:
getAccessToken()
.then(token => console.log(token))
.catch(err => console.error(err));import os
import requests
def get_access_token():
url = "https://auth.usertesting.com/oauth2/default/v1/token"
data = {
"client_id": os.getenv("CLIENT_ID"),
"client_secret": os.getenv("CLIENT_SECRET"),
"grant_type": "client_credentials",
"scope": "public_api.read"
}
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
response = requests.post(url, data=data, headers=headers)
if response.status_code != 200:
print("Error:", response.status_code, response.text)
return None
return response.json()
if __name__ == "__main__":
token = get_access_token()
print(token)Note: Use environment variables to replace
CLIENT_IDandCLIENT_SECRETwith the credentials you received.
Use access token
After generating the access token, you can include it in the header of all the endpoint requests you make.
| Header | Value |
|---|---|
| token | ACCESS_TOKEN |
Request examples
curl -X 'GET' \
'https://www.api.use2.userteseting.com/v2/sessionResults?testId=3fa85f64-5717-4562-b3fc-2c963f66afa6&limit=100&offset=0' \
-H 'accept: application/json' \
-H 'token: ACCESS_TOKEN'// node-request.js
const url = "https://www.api.use2.userteseting.com/v2/sessionResults?testId=3fa85f64-5717-4562-b3fc-2c963f66afa6&limit=100&offset=0";
async function getSessionResults() {
const response = await fetch(url, {
method: "GET",
headers: {
"accept": "application/json",
"token": "ACCESS_TOKEN"
}
});
const data = await response.json();
console.log(data);
}
getSessionResults();// request.ts
const url =
"https://www.api.use2.userteseting.com/v2/sessionResults?testId=3fa85f64-5717-4562-b3fc-2c963f66afa6&limit=100&offset=0";
async function getSessionResults(): Promise<void> {
const response = await fetch(url, {
method: "GET",
headers: {
accept: "application/json",
token:
"ACCESS_TOKEN",
},
});
const data = await response.json();
console.log(data);
}
getSessionResults();# request.py
import requests
url = "https://www.api.use2.userteseting.com/v2/sessionResults"
params = {
"testId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"limit": 100,
"offset": 0,
}
headers = {
"accept": "application/json",
"token": "ACCESS_TOKEN"
}
response = requests.get(url, params=params, headers=headers)
print(response.status_code)
print(response.json())Note: Use an environment variable to replace
ACCESS_TOKENwith the access token you received.
Updated 7 days ago