The Arc API uses Bearer Access Tokens for authentication. Access tokens are created by POSTing to the Create an access token endpoint. To authenticate, API clients must use the client_id and client_secret provided in the Arc Dashboard. Your client_id and client_secret should be stored securely and not exposed to external systems
API Requests
To authenticate any API request, set the Authorization header to Bearer ${ACCESS_TOKEN} using the access token from the /auth/access_token endpoint. Tokens expire after 2 hours.
Connect
Client User Id
You will need to provide a unique identifier for your user when initializing the Connect flow. This identifier is the primary method of associating responses from Arc's API with a particular user record stored in your backend.
After the user submits their credentials in Connect, their utility data can be retrieved in two ways:
- Listening to incoming webhooks where the
client_user_idin the body
matches the provided value - Polling for Utility Credentials and Utility Statements via the Plug API
Connect Token
Connect must be initialized with a Connect Token scoped to the user entering the Connect flow. To retrieve a Connect Token, post to the /auth/connect_token endpoint. For new users, or existing users creating an additional utility credential, post with a unique client_user_id parameter. For users editing an existing utility credential, post with the utility_credential_id parameter corresponding to the utility credential to be updated. Make sure the Authorization header is set to Bearer ${ACCESS_TOKEN}. Tokens expire after two hours.