Authentication

The SleepHQ API can be authenticated using either a logged in user's browser session or an OAuth2 bearer token.
The user's session takes priority if both are present.

You are not currently logged in using a browser session

This browser is not currently logged in using a user's browser session.
To make successful API calls below, you will need to authenticate using the OAuth2 bearer token.
You are not currently logged in using a user's browser session. You will need to Authorize using API credentials before you can make requests.
To get an OAuth bearer token, make a POST request to:

You are currently logged in using a browser session

You are currently logged in as Unknown user. Any API requests you make below will be made using your browser session.
To test API credentials, you need to log out of your SleepHQ account and refresh this page.

You are currently authenticated using API credentials.

Any API requests you make below will be authenticated using your API credentials.
Manually generating a bearer token
In your own application, you will need to implement the OAuth2 authorization flow to obtain a bearer token.
To get a bearer token, make a POST request to the /oauth/token endpoint.
For example:

curl POST "https://sleephq.com/oauth/token" \
  -d "client_id=my-client-id" \
  -d "client_secret=my-client-secret" \
  -d "grant_type=password" \
  -d "scope=read write delete"
The response will be:

{
    "access_token": "my-access-token",
    "token_type": "Bearer",
    "expires_in": 7200,
    "refresh_token": "an-invalid-refresh-token",
    "scope": "read write delete",
    "created_at": 1752817725
}
Please note that the OAuth spec does not allow the password grant to use refresh tokens. Even though you get a refresh token back in the response, you will need to generate a new token each time the current token expires.
We recommend continuing to use the bearer token until you receive a 401 Unauthorized response. The response body will be: 

{
  "error": "The access token expired"
}