OAuth Authentication for 8x8 XCaaS APIs

How to generate an access_token for use with 8x8 XCaaS APIs

A number of 8x8 XCaaS APIs use OAuth authentication. For these APIs the initial step is to generate an access_token to be used in the subsequent API calls.

Analytics and Content APIs using OAuth Method:

Other APIs using OAuth Method:


You will need a working API key to begin

How to get API Keys

The URL for the OAuth Authentication is: https://api.8x8.com/oauth/v2/token

Authenticate to retrieve access token

Using the key and secret from Admin Console as the username and password use Basic Authentication.


Method: POST


Authorizationβœ“Basic Authentication where username is the value of clientId and the password is the value of secret.
Example shows value for
Basic bXljbGllbnRJZDpuZXZlcnRlbGxhbnlvbmU=
Content-Typeβœ“Specify form content type to pass the grant_type in the bodyapplication/x-www-form-urlencoded



Table contains the values for the x-www-form-urlencoded body

grant_typeβœ“Must be client_credentialsclient_credentials

Authentication Request

curl --location --request POST 'https://api.8x8.com/oauth/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic base64encode({clientId}:{secret})' 
--data-urlencode 'grant_type=client_credentials'

Authentication Response


    "access_token": "{{TOKEN_VALUE}}",
    "token_type": "BearerToken",
    "api_product_list": "[CE-PCS-Product, CE-RCS-Product, Chat, QM - API, analytics product, analytics realtime-api, chat-gateway, storage, vcc]",
    "status": "approved",
    "scope": "",
    "refresh_token_expires_in": "0",
    "expires_in": "1799",
    "refresh_count": "0",
    "developer.email": "deprecated",
    "issued_at": "1683045181383",
    "client_id": "deprecated",
    "api_product_list_json": [
        "QM - API",
        "analytics product",
        "analytics realtime-api",

Outputs that are used in the subsequent API

issued_at : Epoch time of when the token was issued
expires_in: Number of seconds before this access_token will expire.

If your use case will leverage the access_token for a period that could exceed the lifetime of the token ensure that your code either handles an error based on the token expiration OR requests a new token before the current token expires. We recommend against getting a new token for every request as this will result in added duration and processing on both sides.

access_token: This is the token that will be passed into subsequent API calls as a Bearer Token. In the example above the access_token is 3yKcgVwWCJM14dXxKDBAEDGcythJ

access_token: is used to populate Authorization header in the subsequent request set to Bearer {access_token} (Space between Bearer and the access_token)

Example using the access_token above to make a request to the CC Realtime Metrics queues endpoint.

curl --location --request GET 'https://api.8x8.com/analytics/cc/v5/realtime-metrics/queues' \
--header 'Authorization: Bearer 3yKcgVwWCJM14dXxKDBAEDGcythJ'

api_product_list : This is the list of APIs the provided credentials (and this generated access_token) are valid for. This can be one or more API Products.
Adding or removing APIs from an existing API key will not be instantaneous as there is some replication delay for cached objects.

List of APIs and whether they use this OAuth process

API Product NameAPI DescriptionOAuth
analytics realtime-apiContact Center Realtime & Historical Analyticsβœ”οΈ
storageCloud Storage Serviceβœ”οΈ
QM - APIQuality Management & Speech Analyticsβœ”οΈ
vccContact Center Chatβœ”οΈ
ChatCHAPI Work Chat❌
analytics productWork Analytics❌
CE-PCS-ProductCustomer Experience Post Call Survey❌
CE-RCS-ProductCustomer Experience Recent Calls❌