API Keys & Authentication

Complete guide to generating and using Otto API access tokens

Overview

The Otto API allows you to interact with Otto programmatically via REST endpoints. API access requires authentication using OAuth 2.0 client credentials.

Note: The Otto API is currently in beta mode. Features and endpoints may change.

Base URL: https://api.ottodigital.io

Authentication: OAuth 2.0 with Client Credentials grant type

API Documentation: View API Reference


Step 1: Create API Key
  1. Navigate to Settings:

    Log in to Otto and click the Settings tab in the top right corner of the application

  2. Open API Keys:

    Go to the API Keys section and click “New API Key”

  3. Save Your Credentials:

    Copy both the Client ID and Secret immediately and store them in a secure location

    Warning: The secret will only be shown once and cannot be retrieved later. Make sure to copy and securely store it before closing the dialog!


Step 2: Generate Access Token

Use your Client ID and Secret to request an access token from the OAuth endpoint.

Token Endpoint:
https://keycloak.mgstover.com/realms/otto-prod/protocol/openid-connect/token
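Example (Python):
import os
import requests

url = 'https://keycloak.mgstover.com/realms/otto-prod/protocol/openid-connect/token'

# Read the credentials from the environment rather than hard-coding them
# (the variable names here are placeholders).
client_id = os.environ['OTTO_CLIENT_ID']
secret = os.environ['OTTO_CLIENT_SECRET']

# Passing a dict lets requests URL-encode the values and set the
# application/x-www-form-urlencoded Content-Type header.
payload = {
    'client_id': client_id,
    'client_secret': secret,
    'grant_type': 'client_credentials',
}

response = requests.post(url, data=payload, timeout=10)
response.raise_for_status()  # stop on a 4xx/5xx instead of failing on the key lookup below
result = response.json()
token = result['access_token']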
Example (cURL):
curl -X POST https://keycloak.mgstover.com/realms/otto-prod/protocol/openid-connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=YOUR_CLIENT_ID' \
  -d 'client_secret=YOUR_CLIENT_SECRET' \
  -d 'grant_type=client_credentials'

The response will contain an access_token field that you'll use to authenticate API requests.


Step 3: Use the Access Token

Include the access token in the Authorization header for all API requests.

Header Format:
Authorization: Bearer YOUR_ACCESS_TOKEN
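Example (Python):
import requests

# token is the access_token value obtained in Step 2
headers = {
    'Authorization': f'Bearer {token}'
}

response = requests.get('https://api.ottodigital.io/YOUR_ENDPOINT', headers=headers, timeout=10)
response.raise_for_status()  # surface 401/429/5xx before parsing the body
data = response.json()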
Example (cURL):
curl -X GET https://api.ottodigital.io/YOUR_ENDPOINT \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN'

Best Practices
  • Secure Storage: Never commit API credentials to version control. Use environment variables or secure secret management systems

  • Token Expiration: Access tokens expire after a period of time. Implement token refresh logic to automatically request new tokens when needed

  • Rate Limiting: Be mindful of API rate limits. Implement exponential backoff for retry logic

  • Rotate Credentials: Regularly rotate your API keys, especially if they may have been compromised
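
The token-expiration and rate-limiting practices above, as an added example (not Otto's own code): a token cache that requests a new token shortly before the old one expires, and a request wrapper that backs off exponentially. It assumes the token response includes the standard OAuth 2.0 expires_in field, that rate limiting is signalled with HTTP 429, and that credentials live in the environment; TokenCache, call_api and the OTTO_CLIENT_ID / OTTO_CLIENT_SECRET variable names are hypothetical.

```python
import json
import os
import time
from urllib import parse, request

TOKEN_URL = "https://keycloak.mgstover.com/realms/otto-prod/protocol/openid-connect/token"


def fetch_token():
    """Client-credentials grant; credentials come from the environment."""
    form = parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": os.environ["OTTO_CLIENT_ID"],          # assumed variable name
        "client_secret": os.environ["OTTO_CLIENT_SECRET"],  # assumed variable name
    }).encode()
    # urlopen sends a form-encoded POST when data is given; it raises on 4xx/5xx.
    with request.urlopen(TOKEN_URL, data=form, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse an access token until `skew` seconds before it expires."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic, skew=30):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._fetch()
            self._token = body["access_token"]
            # Assumption: the response carries expires_in (seconds); fall back to 60.
            self._expires_at = self._clock() + body.get("expires_in", 60) - self._skew
        return self._token

    def invalidate(self):
        self._token = None


def call_api(send, cache, retries=4, base_delay=1.0, sleep=time.sleep):
    """send(headers) -> response. Back off on 429; refresh the token once on 401."""
    for attempt in range(retries + 1):
        resp = send({"Authorization": f"Bearer {cache.get()}"})
        if resp.status_code == 401 and attempt == 0:
            cache.invalidate()                # token rejected: fetch a fresh one, retry
        elif resp.status_code == 429 and attempt < retries:
            sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s, 8s
        else:
            return resp
    return resp
```

Pass send as any callable that takes a headers dict and returns a response with a status_code attribute, for example lambda h: requests.get(url, headers=h, timeout=10).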

