Skip to main content
The Instant Classification API uses OAuth2 password-flow authentication. You send your email and password to the token endpoint and receive a JSON Web Token (JWT). Include that token as a Bearer credential in every subsequent request.

Getting a token

Send a POST to /api/v1/login/access-token with application/x-www-form-urlencoded form data:
FieldValue
usernameYour account email address
passwordYour account password
curl -sS -X POST "https://instant-classification-api.thedatacity.com/api/v1/login/access-token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=you@yourcompany.com&password=YOUR_PASSWORD"
Response: 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

Using the token

Add an Authorization header to every API request: 
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Treat your access token like a password. Store it in an environment variable or secrets manager. Never check it into source control or include it in client-side code.

Token lifetime

Tokens are valid for 8 days from issue. After that, the API returns 401 and you need to request a new token. There is no refresh-token flow — when your token expires, call /api/v1/login/access-token again with your credentials.

Testing your token

To verify a token is valid without making a classification request, call: 
curl -sS -X POST "https://instant-classification-api.thedatacity.com/api/v1/login/test-token" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
A valid token returns your user profile (email, name, role). An invalid or expired token returns 401.

Password recovery

If you forget your password:
  1. Send a POST to /api/v1/password-recovery/{email} with your account email.
  2. Check your inbox for a reset link containing a one-time token.
  3. Send a POST to /api/v1/reset-password/ with the token and your new password (minimum 8 characters).
The API always returns the same response regardless of whether the email exists, to prevent account enumeration.

Failure modes

StatusMeaningWhat to do
400Incorrect email or password.Check your credentials and try again.
400Inactive user.Contact support@thedatacity.com.
401Token missing, malformed, or expired.Request a new token from /api/v1/login/access-token.
See Errors for the full status-code matrix.
Last modified on May 25, 2026