Some API credentials will have access to multiple Firms. Since a token is only scoped to a single firm, if the user of the api wants to access a different firm they have access to, they will have to get a new token using the “Switch” authentication, where the current token along with an ALClientID (aka FirmId) is provided.
To “switch” firms, make a GET api call to the /token endpoint, pass your current auth_token in the Authorization Header with the “Switch” type. Also, add a second header for the “ALClientid” which you will need the FirmID of the firm you want to swith to.
/Security/token
(Headers)
Authorization: Switch (accesstoken)
Alclientid: (firm Id) This will respond with a new access_token, which is scoped to the new firm. Add ‘Session’ before your new access token when making the call to the new database. If you do not have access to the requested firm, a 401 unauthorized is returned.