Token

Allows your website to pass a username, password and client_id to obtain an access token and a refresh token.  The access token allows the site to interact with our API services (for a period of time) without using the username and password at all.  When the access token expires, the refresh token can be used to generate a new access token which can then be used for continued access to our API.

Request

Action : POST
URL : http://<path_to_api>/token

Parameter (x-www-form-urlencoded)

Parameter

Description

Example

Parameter

Description

Example

grant_type

grant type

password

username

Username

Supplied upon request

password

Password

Supplied upon request

client_id

The ID issued to your application

Supplied upon request

device_id

Internal use only

N/A

Response

Response message format

{     "access_token": "eEb0dvseVTasXGa-8Xj7a5lEEAjBTAIDaAiUmHASboNuIg ",     "token_type": "bearer",     "expires_in": 119999,     "refresh_token": "_p4Jeu1PP9_H6bkeZk9Ew6MdXtRRsvyrBQvFlhrnzPrkWfJHG9kWGo",     ".issued": "Mon, 04 Mar 2019 10:17:44 GMT",     ".expires": "Tue, 05 Mar 2019 19:37:44 GMT" }

Key details:

Key

Description

example

Key

Description

example

access_token

access token

OrDyWqNxG-kEHZVfDXoFe2iwRQAf....

token_type

token type

bearer

expires_in

lifetime of the tokenin seconds

86399

refresh_token

refresh token

_p4Jeu1PP9_H6bkeZk9Ew6MdXtR

 

Keep this access_token and refresh_token securely.

You will need to pass the access_token with every API request header (Key : Authorization, Value: "Bearer "+access_token).

Use the refresh_token to create new access_token after it expires.

Refresh token

Access token will expire after a period of time, this service is to create new access token using the refresh token.
When you receive 401(Unauthorized Error) error code from any of our service you can assume the access token expired and create new token using the following procedure.
There is also an expiry time for refresh token, after the refresh token expiry you have to create new token using username, password and client_id (previous service).

Purpose

To refresh access tokens

Request

Action : POST
URL: http://<path_to_api>/token

Parameter (x-www-form-urlencoded)

Parameter

Description

Example

Parameter

Description

Example

grant_type

grant type

refresh_token

refresh_token

user name

_p4Jeu1PP9_H6bkeZk9Ew6MdXtR

client_id

The ID issued to your application

5ce76b38e994cb0e221632f2ccff0df4

Response

Response message format

{     "access_token": "XKV31w5gTaKAM9eTI8klFB-3yv9w2TzwCA-XPtOjnHFVR4Z",     "token_type": "bearer",     "expires_in": 119,     ".issued": "Mon, 04 Mar 2019 08:59:10 GMT",     ".expires": "Mon, 04 Mar 2019 09:01:10 GMT" }

Key details:

Key

Description

example

Key

Description

example

access_token

access token

OrDyWqNxG-kEHZVfDXoFe2iwRQAf....

token_type

token type

bearer

expires_in

lifetime of the tokenin seconds

86399

Sample code

Check here



Copyright Ontech Solutions 2017-2024. All rights reserved, no part may be replicated or distributed without the express permission of the owner.