Memsource REST API

REST API Authentication

Most API calls require an authenticated Memsource user. The APIs do not use any special user accounts. Each API can be called on behalf of any existing user using their username and password.


Before calling any API that requires an authenticated user, call the auth/login API to obtain an authentication token. The token is valid for 24 hours and can be used for all subsequent calls. Do not create a new token for every call.

In subsequent API calls, the obtained token is used in the Authorization header. The header value field is introduced with ApiToken followed by a space and the token itself.


ApiToken OKTiI2V7QqRDu0HADR2Fk2b9hCteI1pT06bOSk5OD8HSc3oCOHMzIgVtOtLV65hi

OAuth 2.0

Use OAuth 2.0 in applications instead of sending tokens with each call.

To establish the OAuth 2.0 connection, follow these steps:

  1. From the Setup Setup_gear.png page, scroll down to the Integrations section and click on Registered OAuth Apps.

    The Registered OAuth Apps page opens.

  2. Click New.

    The Create OAuth App page opens.

  3. Provide a Name, Redirect URI (Callback) and an optional Description.

  4. Click Save.

    The Registered OAuth Apps page opens with the new connection in the list and an associated Client ID.

    The ID is used in the application that connects to Memsource to establish the connection. It is stored in the Memsource database and is used to pair requests with the proper requester.

  5. Use these URLs with the generated Client ID for authorization:

    • Auth URL

    • Token URL

  6. When authorizing, use the Administrator account to log in and click Allow.

    The application is now linked with Memsource and the authentication API call will not be required.

Asynchronous APIs

Asynchronous APIs should always be preferred to their synchronous counterparts. If calling synchronous APIs, there is a chance of receiving timeout expired responses when processing large batches of files or even a single large file. Synchronous APIs should only be used for small files and small scale Memsource integration.


After calling an asynchronous API, an instant response is received including the identifier request. Use this identifier to check the status of the request by calling getAsyncRequest and checking the asyncResponse field. This polling approach can lead to a number of getAsyncRequest calls before receiving an asyncResponse that is not null.


As a response to the drawbacks of the polling approach to asynchronous requests, support for callbacks in all asynchronous APIs is supported. When calling an asynchronous request, specify a URL (in the callbackUrl parameter) that is requested after the work initiated by the asynchronous request is complete.

Callbacks are requested via HTTP POST calls and the data is passed on in the body encoded as JSON. The JSON object always contains:

  • Information about the asynchronous request (the same as when calling getAsyncRequest).

  • Detailed information about the result of the action such as a full analysis or job details.

   "asyncRequest": {
 "analyse": {   

If a callback URL is not accessible, the request is repeated after 2, 4, 8, 16, and 30 minutes until 10 retries have failed.

Your callback URL must respond with the 200 OK HTTP status code to be considered successful on our side.

Callback URL must respond with the 200 OK HTTP status code to be considered successful.

Was this article helpful?

Sorry about that! In what way was it not helpful?

The article didn’t address my problem.
I couldn’t understand the article.
The feature doesn’t do what I need.
Other reason.

Note that feedback is provided anonymously so we aren't able to reply to questions.
If you'd like to ask a question, submit a request to our Support team.
Thank you for your feedback.