All our endpoints support OAuth 2.0 authentication. See our API documentation for the technical specification of how it works and discover how to authenticate with our API for the first time in this Getting Started guide.

If you aren't authenticated, you won't be able to make successful calls to our API. Be sure to follow the tips outlined below to avoid any unexpected errors when calling our API.


Stuart API tokens are in JWT format up to 8KiB in length. When storing your token, such as If you persist the token in a database, the column used to store it should not have a length limit. Please be sure that your access token is not being stored in a fixed-length variable. We would advise using dynamic memory allocation for this string value.


Your authentication access token will last 1 month and will be returned with an 'expires_in' value to indicate when it will expire. We strongly advise caching your access token and only renewing it when it’s expired or when you receive an INVALID_GRANT error from the API.

Client libraries

To save time and effort, you can use our client libraries when developing your integration. When doing so, be sure you’ve added a caching mechanism as detailed in the documentation. Here is an example of how to add caching in our PHP client library.

Error handling

In the case that an API request that you make is invalid, you’ll receive a 401 error response with the error code INVALID_GRANT. Upon receiving this error, we advise simply requesting a new access token.