Skip to main content

Authentication in InCountry

REST API Authentication

To authenticate in the REST API, you should get an OAuth2 access token and then provide it as an Authorization Bearer token in the REST API requests.

Creating an Access Token

To obtain an oAuth token, you should send a request to the authorization server with the credentials received on InCountry Portal.

Firstly, you need to determine AUTH_ENDPOINT for your country. Under the spoiler you can find available countries and corresponding auth servers.

Countries and auth endpoints

The following documentation lists the country codes supported by the InCountry platform.

This data was current as of April 2024.

Americas, Europe, Middle East, Africa, India


Please use the following authorization endpoint when writing regulated data to the countries of this region: or

Country CodeCountry
USUnited States
AEUnited Arab Emirates
SASaudi Arabia

Asia & Asia-Pacific (except India)


Please use the following authorization endpoint when writing regulated data to the countries of this region:

Country CodeCountry
CNChina (Hong Kong)

Updates & Accuracy


Please note that this may not be an exhaustive list. For more information, please contact us at

The request template is the following:

curl '{AUTH_ENDPOINT}' \
--user '{client_id}:{client_secret}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'User-Agent: Client-name' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience={restapi_url} {storage_url}' \
--data-urlencode 'scope={environment_id}'
const { default: axios } = require('axios');

const requestHeaders = {
'Accept': '*/*',
'Cache-Control': 'no-cache',
'Accept-Encoding': 'deflate, br',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded',

const config = {
headers: requestHeaders,
responseType: 'json',
params: {
activate: true
auth: {
username: client_id,
password: client_secret,

const data = {
grant_type: 'client_credentials',
audience: `${restapi_url} ${storage_url}`,
scope: environment_id,

const response = await`${AUTH_ENDPOINT}`, data, config);

You received client_id, client_secret, environment_id and restapi_url on the Step 3 of Prerequisites. To get storage_url, remove "-restapi" substring from the restapi_url. For example, if restapi_url= then storage_url=


The User-Agent header is mandatory. You can set it to any value you want or leave it as the default if your HTTP client has one.

The response is defined as follows:

"access_token": <token>,
"expires_in": 300,
"scope": <environment_id>,
"token_type": "bearer"

Use access_token as a Bearer auth token for all subsequent requests to RestAPI.

Web Services Authentication

To authenticate in Web Services, if the service and endpoints are configured correctly, you don't need any special authentication. In Web Services, InCountry mostly relies on the authentication mechanisms of the application backend.