Authentication

All endpoints are protected with OAuth2 client credentials.
View as Markdown

Every request to the PropertyPal APIs must be authenticated using the OAuth2 client credentials grant. Your client_id and client_secret are issued by the PropertyPal Feeds Team.

Don’t have credentials yet? Contact the PropertyPal Feeds Team at [email protected] to get set up.

Request a token

Exchange your credentials for a short-lived access token at the token endpoint:

Request an access token
$curl -X POST https://accounts.propertypal.com/oauth2/token \
> -H "Content-Type: application/x-www-form-urlencoded" \
> -d "grant_type=client_credentials" \
> -d "client_id=YOUR_CLIENT_ID" \
> -d "client_secret=YOUR_CLIENT_SECRET" \
> -d "scope=openid"

A successful response returns a bearer token:

Response
1{
2 "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVC...",
3 "token_type": "Bearer",
4 "expires_in": 3600,
5 "scope": "openid"
6}

Use the token

Send the token in the Authorization header on every API request:

Authenticated request
$curl https://rightmove-feed.propertypal.com/v2/property/commercial/DEMO-001 \
> -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
> -H "Rightmove-Agent-ID: 12345"

Cache and reuse the token until it expires, then request a new one. Avoid requesting a fresh token on every call.

Errors

StatusMeaning
401 UnauthorizedMissing or invalid credentials / token.
403 ForbiddenAuthenticated, but not permitted for this resource.

See the API reference for the full error model.