Authentication
Get Token
Get an authorization token for API requests that require authentication.
Request
URL : /api/oauth/token
Method : POST
Authorization Required : No
Content Type : application/json
Body
Name | Type | Description | Required |
---|---|---|---|
grant_type | String | Auth Type. | :heavy_check_mark: |
username | String | Username of API Authorized Account | :heavy_check_mark: |
password | String | SHA-256 Hash of Account Password | :heavy_check_mark: |
Example
{
"grant_type": "password",
"username": "jcsnider",
"password": "5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8"
}
Notes
- The grant type to receive an auth token is ‘password’.
- Password must be a SHA-256 hash of the user’s password, with hyphens removed.
- You can generate a SHA-256 hash of a plaintext password here (on this site).
Response
Condition : If authentication was successful and token was generated.
Code : 200 SUCCESS
Example
{
"access_token": "4RoC_BqVns0p7guzWe-Ah4C6SiVmNcBO0KnFNLtGCxuPZbfF9QJnGc5zbrhM-EQ8c_fajWk076pyI-bjaUPsfyd_c2u5XLCANc4khfpTmq87ksvjDpMI87NVIWOCy1QAUTQoszf-CSkweyw-At31UjBUBTQ6iuidQcG-eZqdnecjKDWQ5vOBZpjI-Xlz7m8UZBjuEWf4sFIqbAnIQl54F8VSIr26QtcUROkUWepLFPqSa8ZO110vg5xefTy-wJmEwbn1zOAuSMR6yKah39GBU_xtkuHw1WaiJ_iSQLRiF7z-v0Ct1DYbMrmqaVdFI1xUwsrFN3WWgwpxxsXEBajcFkL9Ou7MSQBwWlI5sU4WlYJbKAGlaMJU9sohK5I3Q3B34UTub0xNdiyhqzn9E0HIep_RUzzE1YZhGmV3bBoV-cYTxSTfpTXIFuH9f8tbv-FPhylWY__hqndUKVpq4ez2n9HqfCdDi6HdYd1mcTyDTABdy248VeMPqiwKUl-95w87",
"token_type": "bearer",
"expires_in": 299,
"refresh_token": "efd947fe-a874-4259-9b06-41a8a9505e35",
".issued": "Mon, 29 Jul 2019 19:52:04 GMT",
".expires": "Mon, 29 Jul 2019 19:57:04 GMT"
}
Notes
- The refresh_token is the token’s id. It is used to refresh or delete the token using the routes below.
- For all requests that require authentication you will need to supply the access token within the request header. The proper format can be found below.
Header | Type | Value |
---|---|---|
authorization | String | Bearer [access_token] |
Example
authorization: Bearer 4RoC_BqVns0p7guzWe-Ah4C6SiVmNcBO0KnFNLtGCxuPZbfF9QJnGc5zbrhM-EQ8c_fajWk076pyI-bjaUPsfyd_c2u5XLCANc4khfpTmq87ksvjDpMI87NVIWOCy1QAUTQoszf-CSkweyw-At31UjBUBTQ6iuidQcG-eZqdnecjKDWQ5vOBZpjI-Xlz7m8UZBjuEWf4sFIqbAnIQl54F8VSIr26QtcUROkUWepLFPqSa8ZO110vg5xefTy-wJmEwbn1zOAuSMR6yKah39GBU_xtkuHw1WaiJ_iSQLRiF7z-v0Ct1DYbMrmqaVdFI1xUwsrFN3WWgwpxxsXEBajcFkL9Ou7MSQBwWlI5sU4WlYJbKAGlaMJU9sohK5I3Q3B34UTub0xNdiyhqzn9E0HIep_RUzzE1YZhGmV3bBoV-cYTxSTfpTXIFuH9f8tbv-FPhylWY__hqndUKVpq4ez2n9HqfCdDi6HdYd1mcTyDTABdy248VeMPqiwKUl-95w87
Refresh Token
Refreshes an existing token, delaying its expiration.
Request
URL : /api/oauth/token
Method : POST
Authorization Required : Yes
Content Type : application/json
Body
Name | Type | Description | Required |
---|---|---|---|
grant_type | String | Auth Type. | :heavy_check_mark: |
refresh_token | String | Refresh Token Id | :heavy_check_mark: |
Example
{
"grant_type": "refresh_token",
"refresh_token": "efd947fe-a874-4259-9b06-41a8a9505e35"
}
Notes
- The grant type should be ‘refresh_token’.
Response
Condition : Token Refreshed
Code : 200 SUCCESS
Example
{
"access_token": "3OSlfC8yg_fcSGdAGa9n63mDnvwfVhSOo1lgdj0-q4l2EsFvZ1nbZYVoqJd27TI4ksZALxJbzpwcvDHJwg8Frmvlvys-VHE0TLSNK-_o7YvgT2TA3BIASI2nQdA6dx_LIuB5LJhQpIWrlypCpEgP_FRtDfGevUEVpskTP7wB0VDw02RsVaNW19qKWMNwdqU07KxvtY-ghWquMVw1UQfR5LQTbt48b-e741CeFSa1zCD7Zt3UCjaG5NYt7YawOnS-qsA0dL3fCNhQbhjVVe2UZ613JledeiZowKmoIMPqxH9wuTbSvMOqx-YRH2GItVIzk5EfV-gnpZvFUlAtpZjmQqsxUlWX0CWpvpT6Vcr4NMnNCB8MhSuOjNBDQBkA5Z7QVxgEuywa3lyYDuWnD6OpystzuyTWnF3ETzgb8DfgmbGu_VxpdpBgufq9yeVE0KPh8XaIEVkICDIzJCArmPWgrgHr_AXnsl-OwBL-VoNgs7j6BlN_jHQ_Wd6A5LoJU_mv",
"token_type": "bearer",
"expires_in": 299,
"refresh_token": "e27a8020-f9bb-419b-8a06-5421a1452a78",
".issued": "Thu, 01 Aug 2019 19:44:09 GMT",
".expires": "Thu, 01 Aug 2019 19:49:09 GMT"
}
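The client side of the Get Token and Refresh Token calls above, as an added example (not part of the original documentation or the project's code). It builds the request bodies and the authorization header and decides when to refresh from the ".expires" field. The function names, the UTF-8 password encoding, the 30-second refresh margin and the placeholder access token are assumptions; no network request is made.

```python
import hashlib
import json
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime


def hash_password(plaintext: str) -> str:
    """SHA-256 as uppercase hex, no hyphens (UTF-8 input is an assumption)."""
    return hashlib.sha256(plaintext.encode("utf-8")).hexdigest().upper()


def token_request(username: str, plaintext: str) -> str:
    """JSON body for POST /api/oauth/token, grant_type 'password'."""
    # The server accepts the hash itself, so it is as sensitive as the
    # password: send it only over TLS and keep it out of logs.
    return json.dumps({
        "grant_type": "password",
        "username": username,
        "password": hash_password(plaintext),
    })


def refresh_request(token_response: dict) -> str:
    """JSON body for POST /api/oauth/token, grant_type 'refresh_token'."""
    return json.dumps({
        "grant_type": "refresh_token",
        "refresh_token": token_response["refresh_token"],
    })


def auth_header(token_response: dict) -> dict:
    """Header for routes marked 'Authorization Required : Yes'."""
    return {"authorization": "Bearer " + token_response["access_token"]}


def needs_refresh(token_response: dict, now: datetime, skew_s: int = 30) -> bool:
    """True once 'now' is within skew_s seconds of the '.expires' time."""
    expires = parsedate_to_datetime(token_response[".expires"])
    return now >= expires - timedelta(seconds=skew_s)


# Constructed sample response; the access token is a placeholder.
SAMPLE = {
    "access_token": "PLACEHOLDER_ACCESS_TOKEN",
    "expires_in": 299,
    "refresh_token": "efd947fe-a874-4259-9b06-41a8a9505e35",
    ".issued": "Mon, 29 Jul 2019 19:52:04 GMT",
    ".expires": "Mon, 29 Jul 2019 19:57:04 GMT",
}
```

The hash in the Get Token example body is what hash_password returns for the string "password".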
Delete Token
Deletes the token associated with a given authorization header.
Request
URL : /api/oauth/token/[username]
Method : DELETE
Authorization Required : Yes
Body : None
Notes
- The tokenId within the request url is returned as the ‘refresh_token’ in the Get Token and Refresh Token responses.
Response
Condition : Token Deleted
Code : 200 SUCCESS
Example
{
"username": "jcsnider"
}
Delete Token By Id
Deletes an authorization token, preventing further use.
Request
URL : /api/oauth/token/[username]/[tokenId]
Method : DELETE
Authorization Required : No
Body : None
Notes
- The tokenId within the request url is returned as the ‘refresh_token’ in the Get Token and Refresh Token responses.
Response
Condition : Token Deleted
Code : 200 SUCCESS
Example
{
"username": "jcsnider",
"tokenId": "c7edff1c-ef0a-47e5-ba5f-a08b169c411e"
}