Token
- Harish Kushwah
- Joe Wagner
Allows your website to pass a username, password and client_id to obtain an access token and a refresh token. The access token allows the site to interact with our API services (for a period of time) without using the username and password at all. When the access token expires, the refresh token can be used to generate a new access token which can then be used for continued access to our API.
Request
Action : POST
URL : http://<path_to_api>/token
Parameter (x-www-form-urlencoded)
Parameter | Description | Example |
|---|---|---|
grant_type | grant type | password |
username | Username | Supplied upon request |
password | Password | Supplied upon request |
client_id | The ID issued to your application | Supplied upon request |
device_id | Internal use only | N/A |
Response
Response message format
{
"access_token": "eEb0dvseVTasXGa-8Xj7a5lEEAjBTAIDaAiUmHASboNuIg ",
"token_type": "bearer",
"expires_in": 119999,
"refresh_token": "_p4Jeu1PP9_H6bkeZk9Ew6MdXtRRsvyrBQvFlhrnzPrkWfJHG9kWGo",
".issued": "Mon, 04 Mar 2019 10:17:44 GMT",
".expires": "Tue, 05 Mar 2019 19:37:44 GMT"
}Key details:
Key | Description | example |
|---|---|---|
access_token | OrDyWqNxG-kEHZVfDXoFe2iwRQAf.... | |
token_type | token type | bearer |
expires_in | lifetime of the tokenin seconds | 86399 |
refresh_token | _p4Jeu1PP9_H6bkeZk9Ew6MdXtR |
Keep this access_token and refresh_token securely.
You will need to pass the access_token with every API request header (Key : Authorization, Value: "Bearer "+access_token).
Use the refresh_token to create new access_token after it expires.
Refresh token
Access token will expire after a period of time, this service is to create new access token using the refresh token.
When you receive 401(Unauthorized Error) error code from any of our service you can assume the access token expired and create new token using the following procedure.
There is also an expiry time for refresh token, after the refresh token expiry you have to create new token using username, password and client_id (previous service).
Purpose
Request
Action : POST
URL: http://<path_to_api>/token
Parameter (x-www-form-urlencoded)
Parameter | Description | Example |
|---|---|---|
grant_type | grant type | refresh_token |
refresh_token | user name | _p4Jeu1PP9_H6bkeZk9Ew6MdXtR |
client_id | The ID issued to your application | 5ce76b38e994cb0e221632f2ccff0df4 |
Response
Response message format
{
"access_token": "XKV31w5gTaKAM9eTI8klFB-3yv9w2TzwCA-XPtOjnHFVR4Z",
"token_type": "bearer",
"expires_in": 119,
".issued": "Mon, 04 Mar 2019 08:59:10 GMT",
".expires": "Mon, 04 Mar 2019 09:01:10 GMT"
}Key details:
Key | Description | example |
|---|---|---|
access_token | OrDyWqNxG-kEHZVfDXoFe2iwRQAf.... | |
token_type | token type | bearer |
expires_in | lifetime of the tokenin seconds | 86399 |
Sample code
Check here
Copyright Ontech Solutions 2017-2024. All rights reserved, no part may be replicated or distributed without the express permission of the owner.