Personal Access Token

Some developers will be issued, along with their key, a non-expiring OAuth 2 access token that may be used to access the Spark API directly. All requests using the token must be made using HTTPS.

Never provide your access_token, refresh_token or client_secret to a web browser or other end-user agent. Instead, maintain a separate session and persist this data in a location accessible only by your application (e.g. do not store the access_token in a cookie). Contact for further guidance.

To request data from the api you will need to provide two headers. The Authorization header and the Accept header. You will typically want an Accept header of application/json but, if you are accessing the metadata document of the RESO metadata document you will need to use application/xml. For the Authorization header you will use Bearer <your_access_token>. Our Spark Endpoints require a X-SparkApi-User-Agent header, so you must also provide that when accessing those endpoints.

Example Headers:

Authorization: Bearer <your_access_token>
Accept: application/json
X-SparkApi-User-Agent: MyApplication