Skip to content
VizSeek Docs
Main site Contact

Authentication

VizSeek uses bearer tokens for most API calls, but there are three different patterns you need to know:

PatternUsed byHow you send it
App bearer tokenLogin, registration, utility calls that do not need a signed-in userAuthorization: Bearer <access_token>
User bearer tokenSearch, file upload, RFQ, saved searches, company actionsAuthorization: Bearer <access_token>
Search image token/api/Image URLs returned from search resultstoken=<short_lived_token> in the query string

Bearer header format

Section titled “Bearer header format”
Authorization: Bearer YOUR_ACCESS_TOKEN

Use Content-Type: application/json for the legacy JSON-string body endpoints, application/x-www-form-urlencoded for /api/Token, and application/octet-stream for the raw binary upload endpoints.

Which endpoints need which token

Section titled “Which endpoints need which token”
Token requirementTypical endpoints
No bearer tokenPOST /api/Token, GET /api/Version
App token is enoughGET /api/User, PUT /api/User, GET /api/ValidUploadFileTypes
User token requiredSearch, File, FileBinary, FileBinaryDirect, FileAttributes, RFQ, MonthlyUsage, CompanyLogo, SavedSearches, IsEmployee, PMIData
Query token instead of bearerGET /api/Image

App token vs user token

Section titled “App token vs user token”

Use an app token when the call only needs to know which API client is calling. Use a user token when the endpoint needs a company context, a user identity, or permission checks tied to a signed-in user.

In practice:

  • Get an app token first so you can call /api/User, /api/User PUT, or /api/ValidUploadFileTypes.
  • Get a user token when you want to upload files, run searches, manage attributes, or use RFQ features.

Search image tokens

Section titled “Search image tokens”

Search responses may return thumbnail or large-image URLs that look like this:

/api/Image?fid=<file_uid>&type=0&token=<short_lived_token>

That token is created specifically for /api/Image. Do not replace it with your bearer token.

Route format

Section titled “Route format”

Every documented controller supports both forms below:

  • /api/Search
  • /Search

The examples in this docs set use /api/... because that is the most common integration style in existing customer code.

What to expect on auth errors

Section titled “What to expect on auth errors”
  • Missing or invalid bearer tokens usually return 401 Unauthorized.
  • Some endpoints do additional validation after auth succeeds and may return 400 Bad Request instead.
  • /api/Image returns 400 if the query-string token is missing or invalid.

Next step

Section titled “Next step”

Use the Token endpoint page for the exact grant types, request payloads, and refresh-token flow.