To get started with the Accumin Intelligence Real Estate API, you'll need to register for an API key. Once you have your key, you can begin making API calls to access real estate data, perform valuations, and more. See the Authentication section for details on how to authenticate your requests.Stay ahead in the real estate market with Accumin Intelligence Real Estate API, your source for reliable data, insights, and valuations.Securing Access#
The API employs multiple methods to secure access to its endpoints, safeguarding the exchange of data and ensuring that access is granted only to authorized users. Depending on your application's architecture and security requirements, you can choose from the following authentication methods:1.
Token-based authentication: This method is recommended for web applications. It involves generating a temporary access token that must be included in the headers of your API requests. Tokens have a limited lifespan and offer a secure way to authenticate requests without exposing sensitive credentials on each call.
2.
Consumer Secret: Recommended for Machine-to-Machine (M2M) applications, where two applications need to communicate with each other without human intervention. This method uses a consumer ID and a secret.
3.
Direct authentication with master API-KEY: This method is available but not recommended for production environments due to security considerations. It involves using a master API key directly in your requests, which poses a higher risk if the key is compromised.
Create a new Application/Consumer#
Before making API calls, you need to create an application (or consumer). A consumer represents an application or a service that will interact with the API. Here’s how you can create a new consumer:{
"message": "Verification token sent. Check your email.",
"consumer_id": "2536-****-3c93b5f7f616",
"verified": false
}
{
"name": "Application A",
"consumer_id": "2536-****-3c93b5f7f616",
"secret": "2536-****-3c93b5f7f616",
"verified": true
}
List Applications/Consumers#
To view all the applications associated with your account:
[
{
"consumer_id": "2536-****-3c93b5f7f616",
"name": "App1",
"description": null,
"created_at": "2024-01-11T12:37:20.424000",
"is_verified": true,
"is_revoked": false
},
...
{
"consumer_id": "2536-****-3c93b5f7f616",
"name": "App2",
"description": null,
"created_at": "2024-01-11T12:45:28.074000",
"is_verified": false,
"is_revoked": false
}
]
Rotate Consumer Secrets#
For security reasons, it's a good practice to rotate consumer secrets periodically:Output: YOUR_CONSUMER_SECRET (as secret)
Revoke Consumer Application#
For security reasons, you can also revoke a consumer application:Rotate your master API Key frequently#
To maintain the security of your application, it is advisable to regularly rotate your master API Key:Output: YOUR_CONSUMER_SECRET
Obtaining an Access Token#
1.
Register for an API Key: To get started, you must first register for an API key. Visit our developer portal and sign up to receive your API key and secret.
2.
Generate an Access Token: With your API key and secret, you can generate an access token by making a request to our authentication endpoint. Here's how you can do it using curl:Replace YOUR_API_KEY and YOUR_API_SECRET with your actual API key and secret. 3.
Response: The response will include an access_token that you'll use for authenticating your API requests. Here's an example response:{
"access_token": "eyJhbGciOi...",
"refresh_token": "eyJhbGciOi...",
"token_type": "Bearer",
"expires_in": 3600
}
Using the Access Token#
Once you have your access token, include it in the Authorization header of your API requests:Replace YOUR_ACCESS_TOKEN with the access token you obtained in the previous step.Token Expiry#
The access_token is valid for a limited period (typically 1 hour). Once it expires, you will need to generate a new token using your API key and secret. Ensure your application can handle token renewal to maintain uninterrupted access to the API.Best Practices#
Security#
Keep your API key and secret safe. Do not expose them in client-side code or in public repositories.Token Renewal: Implement token renewal logic in your application to automatically obtain a new token when the current one expires.
Rate Limits: Be mindful of the API's rate limits. Authenticating every request separately can quickly exhaust your limit, so reuse tokens $lt they expire.
Restrictions#
The API is designed as a passive service: it processes incoming requests and does not persist user data. Under normal circumstances, no additional access constraints are required. If stricter controls become necessary, access can be limited by IP address or confined to private network environments such as VPC-only connections.CORS#
CORS headers are included in every response by default, so our endpoints can be called from any domain or device.The returned CORS headers are:Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Modified at 2025-12-09 18:54:15
