--- title: Authentication - APIs description: How to authenticate to use the Speed Lab API lastUpdated: 11 March 2026 source_url: html: https://docs.contentsquare.com/en/api/speed-analysis-lab/authentication/ md: https://docs.contentsquare.com/en/api/speed-analysis-lab/authentication/index.md --- Warning **Since April 30th, 2024, API keys are no longer supported**. You must use OAuth credentials instead to authenticate on our APIs, and migrate your existing applications using API keys. ## OAuth2 authentication The Contentsquare APIs use the server-to-server OAuth 2.0 standard for authentication, also know as 2-legged OAuth or OAuth 2LO. The flow basically consists in calling an authentication endpoint with a pair `client_id` / `client_secret` to retrieve an access token that remains valid for 1 hour. This JWT token should then be used as a Bearer token in the headers of your HTTPS requests (in the form `Authorization: Bearer YOUR_ACCESS_TOKEN`). Note that the API call to the authentication endpoint will also dynamically return the right base URL that you must use. This base URL depends on which cloud the target project is installed on. You can refer below to a [detailed example](#example-of-authentication-flow) of the overall flow to retrieve a token and a base URL, and use those to query the Speed Analysis Lab API. You can generate a pair `client_id` / `client_secret` from the Contentsquare [console ↗](https://console.contentsquare.com), as a Contentsquare administrator. You can find how to generate these credentials in our Help Center documentation. You can create OAuth credentials either: * At the Project level, to request access resources from a specific project only * At the Account level: to request access for any project of the account Warning Your OAuth credentials carry many privileges, so make sure to keep them secure! Do not share them in publicly accessible areas such as GitHub, client-side code, and so forth. ## Refresh your access token Once you get a JWT access token (see the [authentication endpoint](#authentication-endpoint) below), it's valid for 1 hour. If you try to query the Contentsquare APIs with access to token that has expired, you will receive a `401 Unauthorized` error with the error code `JWT_EXPIRED`, in the form: ```json { "success": false, "errorMessage": "Auth token is expired.", "errorCode": "JWT_EXPIRED" } ``` In that case, you should first use your OAuth credentials (your pair `client_id` / `client_secret`) to query a new The OAuth credentials expire after 1 year. See [How to regenerate OAuth credentials ↗](https://support.contentsquare.com/hc/en-us/articles/37271728104593-How-to-create-API-credentials#section4). ## Authentication endpoint POST [https://api.contentsquare.com/v1/oauth/token ↗](https://api.contentsquare.com/v1/oauth/token) ### Parameters * #### client\_id   string   Required The OAuth `client_id` generated from the Contentsquare console. * #### client\_secret   string   Required The OAuth `client_secret` generated from the Contentsquare console. * #### grant\_type   string   Required Always set it to `"client_credentials"`, as required by the OAuth 2.0 standard. * #### scope   string   Required You should use `"speed-analysis"`. If needed, you can specify a list of several scopes to get a token that can query several APIs (for example "data-export speed-analysis" if you want your token to cover both the [Data Export API](https://docs.contentsquare.com/en/api/export/) and Speed Analysis Lab API scopes). The only scope that cannot be combined with other scopes is `enrichment`. * #### project\_id   integer   Required only if you use account-level OAuth credentials, to specify which project of the account you want to target. ### Request example ```shell curl --location 'https://api.contentsquare.com/v1/oauth/token' \ --header 'Content-Type: application/json' \ --data '{ "client_id": "c3133d76-a768-4f5a-XXX", "client_secret": "0ISL0DEC;UyYKB;riWRS0EXXX", "grant_type": "client_credentials", "scope": "speed-analysis", "project_id": 42 }' ``` ### Response example ```json { "access_token": "eyJhbGciOiJSIsImtpY5MTXXX.CNTcKWAUb2mTp2cZyiDRYYOtGCKXXX", // to be used as bearer token to query the APIs "token_type": "bearer", "expires_in": 3600, "scope": "speed-analysis", "project_id": 42, "endpoint": "https://api.eu-west-1.production.contentsquare.com" // this is the base URL you should use to query the Speed Analysis Lab API endpoints - the provided URL depends on the cloud the project is installed on } ``` ## Example of authentication flow Below is a sample of JavaScript code to show a complete API call flow that first retrieves an access token and then use it to retrieve the list of segments on a project: ```javascript const clientId = ""; const clientSecret = ""; const authEndpoint = "https://api.contentsquare.com/v1/oauth/token"; const authRequestOptions = { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ client_id: clientId, client_secret: clientSecret, grant_type: "client_credentials", project_id: 42, scope: "speed-analysis", }), }; const authResponse = await fetch(authEndpoint, authRequestOptions); const authJsonData = await authResponse.json(); // Below are the access token and base URL that must be used to query the Speed Analysis Lab API endpoints const accessToken = authJsonData.access_token; const baseURL = authJsonData.endpoint; // Using the access token and base URL to query the Speed Analysis Lab API endpoints and get the monitoring list in this example const speedAnalysisLabResponse = await fetch(`${baseURL}/v1/speed-analysis/monitoring list`, { headers: { Authorization: `Bearer ${accessToken}` }, }); const data = await speedAnalysisLabResponse.json(); const monitorings = data.payload.monitorings; ``` ## OAuth credentials information endpoint POST [https://api.contentsquare.com/v1/oauth/me ↗](https://api.contentsquare.com/v1/oauth/me) ### Parameters * #### client\_id   string   Required The OAuth `client_id` generated from the Contentsquare console. * #### client\_secret   string   Required The OAuth `client_secret` generated from the Contentsquare console. ### Request example ```shell curl --location 'https://api.contentsquare.com/v1/oauth/me' \ --header 'Content-Type: application/json' \ --data '{ "client_id": "c3133d76-a768-4f5a-XXX", "client_secret": "0ISL0DEC;UyYKB;riWRS0EXXX", }' ``` ### Response example ```json { "scopes": "speed-analysis metrics data-export session-replay symbolicator", "permissions": { "projects": [ { "id": 42, "name": "UX ANALYTICS" } ] } } ```