Authentication

ERPly Pro uses OAuth2 client-credentials via Cognito. Each tenant has a dedicated User Pool per environment (sandbox/staging/prod).

`POST /v1/auth/token`

curl -X POST https://sandbox.api.erply.pro/v1/auth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=$CID&client_secret=$CSEC"

import os, requests
r = requests.post(
    "https://sandbox.api.erply.pro/v1/auth/token",
    data={
        "grant_type": "client_credentials",
        "client_id": os.environ["ERPLYPRO_CID"],
        "client_secret": os.environ["ERPLYPRO_CSEC"],
    },
    timeout=5,
)
token = r.json()["access_token"]

Response

{
  "access_token": "eyJraWQ…",
  "token_type": "Bearer",
  "expires_in": 3600
}

Possible errors

HTTP	`Problem.type`	Cause
400	`malformed-json`	Body is not parseable.
401	`unauthorised`	Invalid `client_id` or `client_secret`.
429	`https://errors.api.erply.pro/rate-limited`	More than 60 tokens/min per tenant.

Best practices

Cache the token in memory; it expires in 1 h.
Use the Authorization: Bearer <token> header on all subsequent endpoints.
In long-running clients, refresh 5 min before expires_in.

POST /v1/auth/token​

Response​

Possible errors​

Best practices​

`POST /v1/auth/token`

Response

Possible errors

Best practices