For Authenticating User, Creating Access Token and Refresh Token


This API endpoint creates new access tokens for the users. The most common method of authenticating against the Cloudsign API is by using API keys, which can be retrieved from the API Integration tab of your Cloudsign user webpage.

Request Body







    "data": {
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cdee6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY3MzI0ODA2OSwianRpIjoiMDBhMzcwNWEtY2I2Mi00ZjM4LWFjNGMtNDg0YzVkMjkzY2NjIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6Ijg1KzZhNDk3MjRkLWUwYTAtNDI4MS04N2VjLWZmOTM1MDRlZTg1NiIsIm5iZiI6MTY3MzI0ODA2OSwiZXhwIjoxNjczMjU4ODY5fQ.FUNSm6qfLHdz1YFyMe97q3vkinXWNeAj7bKrfql6z2s",
        "expires_in": "3600",
        "refresh_token": "eyJhbGciOiJIUswjwi1NiIsIncCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY3MzI0ODA2OSwianRpIjoiMjBhNmJhZjMtMzZkNi00MDBiLWJlZjgtZWY4OTk1NzZkYjZmIiwidHlwZSI6InJlZnJlc2giLCJzdWIiOiI4NSs2YTQ5NzI0ZC1lMGEwLTQyODEtODdlYy1mZjkzNTA0ZWU4NTYiLCJuYmYiOjE2NzMyNDgwNjksImV4cCI6MTY3NTg0MDA2OX0.qtXqny7ExoH6YVAoEZ4JInPBv8t2yJf_mU7SWSXv9hY",
        "token_type": "Bearer"
    "msg": ""

You can either create a new client ID and environment or use an existing one. You can also click on the following link:

After sending the parameters in JSON click "Send API Request", to get the response.

If the response was successful, you will get a status code of 200. Otherwise you will get a status code of 4XX or a similar looking error code as the status code. If you receive the 4XX code, please recheck your credentials.

You can also authenticate yourself by using the CURL or select a similar option available in the dropdown. Copy the Request Sample CURL and change the parameter inside the string and pass the URL. You will get the response as shown in the Response Example.

Once you get 200 as the status code, you should see access_token, expires_in, refresh_token, token_type. When working on other parts of the Cloudsign API you will need the access_token as the authentication token.

The refresh token is returned to the body of the request, or as a hardened cookie, depending on the configuration. A cookie should be used when the client is running in an insecure environment such as a web browser, and cannot adequately protect the refresh token against unauthorized access.


While working with Cloudsign API Keys, the following limitations may apply:

  • API keys cannot be transferred between Cloudsign accounts.

  • The maximum number of API keys per account is limited.

  • An API key is set to be expired within a given time frame. You will see the time in the expires_in response.

curl --request POST \
  --url \
  --header 'Content-Type: application/json' \
  --data '{
  "env": "string",
  "email": "string",
  "client_id": "string"

Last updated