Skip to content
Developer home


  Less than to read

Sage ID Access Token Generation

With every Sage 200 API request you must supply a valid Access Token within the Authorization header

Authorization:  bearer ‹‹Access Token››

There are typically three different types of applications:

  • Native
    Used for mobile, desktop or hybrid apps, that run natively in a device, like Android, iOS, Ionic, Windows, OS/X.

  • Single Page Web Applications
    Used for JavaScript front-end apps that run on a browser, like Angular, jQuery or React.

  • Regular Web Applications
    Used for traditional web applications that run on a server, like ASP .NET, Java, Ruby on Rails or Node.js.

To obtain an Access Token, your application must supply some parameters to Sage ID, Client Id and Client Secret for Regular Web Application and just a Client Id for Native and Single Page Web Application. As described in the Developer keys section, these parameters will be sent directly to you by email. Once you have received it, follow the specific section based on your application type.

Implementing the Authentication Flow

To get the most out of the Authentication sections, we recommend that you install and use Postman, a multiplatform REST client with intuitive GUI for configuring HTTP requests, designing JSON payloads, and viewing HTTP responses. Here you have a Postman collection with all the steps and requests needed to implement the Authentication flow.