1. Authentication
To ensure security in every interaction with the API Platform, we use the OAuth 2.0 standard for request authentication. Below are the key steps to authenticate correctly.
Step 1: Obtain the Access Token
Each client must request an access token using their client_id and client_secret.
The request is made through the following endpoint:
POST baseUrl/oauth/token?client_id=your_client_id&client_secret=your_client_secret&grant_type=client_credentials&scope=scope
Include the following credentials:
- client_id
- client_secret
- grant_type (usually "client_credentials")
- scope (specifies the permissions the application requires)
Using Basic Authentication
To send the authentication request, the client_id and client_secret values must be concatenated in the format:
client_id:client_secret
This value must be Base64 encoded and sent in the Authorization header:
Authorization: Basic {Base64(client_id:client_secret)}
Using the scope parameter
In test environments, the value of scope should be test/full_access.
Step 2: Authenticate Requests
Once you obtain the token, it must be included in the header of each authenticated request. The header must have the following format:
Authorization: Bearer {access_token}
This ensures that all requests are validated and authenticated by the server.
Step 3: Token Renewal
Access tokens have a limited validity period. When a token expires, you must make a new request to obtain an updated token.
Remember to keep your credentials secure and renew the token before it expires to avoid service interruptions.
The returned JWT is valid for 1 hour (3600 seconds).
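Steps 1 to 3 combined in one client, as an added example (not code from the API Platform): the credentials are sent only in the Basic Authorization header, the token is cached, and it is renewed 60 seconds before it expires. The class and function names, the 60-second margin, and the access_token and expires_in response fields (the standard OAuth 2.0 names) are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def basic_auth_header(client_id, client_secret):
    """Authorization: Basic {Base64(client_id:client_secret)}"""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_post(url, headers):
    """Real transport: POST with an empty body, return the parsed JSON reply."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenClient:
    """Caches the access token and renews it shortly before it expires."""

    def __init__(self, base_url, client_id, client_secret, scope,
                 post=http_post, clock=time.monotonic, skew=60):
        self.base_url = base_url.rstrip("/")
        self._basic = basic_auth_header(client_id, client_secret)
        self.scope, self.post, self.clock, self.skew = scope, post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token_url(self):
        # Credentials travel in the header, so only grant_type and scope are in the URL.
        query = urllib.parse.urlencode(
            {"grant_type": "client_credentials", "scope": self.scope})
        return f"{self.base_url}/oauth/token?{query}"

    def access_token(self):
        if self._token is None or self.clock() >= self._expires_at - self.skew:
            reply = self.post(self.token_url(), {"Authorization": self._basic})
            # Assumed RFC 6749 field names; 3600 s is the validity the page states.
            self._token = reply["access_token"]
            self._expires_at = self.clock() + int(reply.get("expires_in", 3600))
        return self._token

    def bearer_headers(self):
        """Header for Step 2: Authorization: Bearer {access_token}"""
        return {"Authorization": "Bearer " + self.access_token()}
```

The post and clock parameters exist so the client can be exercised without a network; in normal use they keep their defaults.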