Each service uses OAuth authorization.
Service specification #
1) The authentication flow is initiated by requesting an access token from the token endpoint of the OAuth authorization server.
| Url | {{oauthUrl}}/realms/Signatus/protocol/openid-connect/token |
| Method | POST |
| Auhorization | Basic clientId : clientSecret in base64 |
| Content Type | application/x-www-form-urlencoded |
| Response type | application/json |
Request description #
Request parameters :
| Key | Value | Description |
| grant_type | password | The Password grant type is a legacy way to exchange a user’s credentials for an access token. |
| username | user name | Technical user login |
| password | user password | Technical user password |
HTTP- Click to view HTTP code snippet
POST /realms/Signatus/protocol/openid-connect/token HTTP/1.1
Host: oauth.ana.sk
Content-Type: application/x-www-form-urlencoded
Authorization: Basic c2lnbmF0dXM6VWR3djU0MmkwUFp6Q3ZkVWtLYnJqUEd3bDJvb3NIVlQ=
Content-Length: 62
grant_type=password&username=demo.api&password=secretResponse description #
Response example :
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJTGNWSnp4SFkyd1RDcGlLZU5Oa2VmbWZHa1ljUnBtQ1lMMUhsNG13Zm5VIn0.eyJleHAiOjE3NTM5NTIzNzEsImlhdCI6MTc1Mzk1MjA3MSwianRpIjoiYWI1YTJlYmEtNTZkZi00Y2ZkLTkyOGYtMTU3ZWMyYzU1N2RlIiwiaXNzIjoiaHR0cHM6Ly9vYXV0aC5hbmEuc2svcmVhbG1zL1NpZ25hdHVzIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImYzYmUxYTY2LTU1M2YtNGFlOC04OTUyLTY3OGQ4NTU2ZDAxYiIsInR5cCI6IkJlYXJlciIsImF6cCI6InNpZ25hdHVzIiwic2lkIjoiYTczMTkzMmItOTAyNC00ZWU5LWFlOTEtNWZlNTJmYWIzNjliIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyIvKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiUk9MRV9QUk9YWSIsImRlZmF1bHQtcm9sZXMtc2lnbmF0dXMiLCJST0xFX1BPUlRBTCIsIlJPTEVfVVNFUiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoicGhvbmUgZ3JvdXBzIHRlbmFudGlkIHByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInRlbmFudGlkIjoiZGVtbyIsIm5hbWUiOiJQYXZvbCBQdW5hIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiZGVtby5hcGkiLCJnaXZlbl9uYW1lIjoiUGF2b2wiLCJmYW1pbHlfbmFtZSI6IlB1bmEiLCJlbWFpbCI6InBhdm9sLnB1bmFAYW5hc29mdC5jb20ifQ.PP-jqR34m5dLEzpLNKK0hgk2PM9L3Q2WqR9aZjFRRG7mPZJ538gqlyh9WZU8R33njAjIq6Uo4Ty8qTrwGgRrpqnA8lVRvPnKimLzN8qDmAzBE29JxitQ3AYLC4VFpvp2zU0WTugypE84X1Km3Dd5O8efhDe2M41LNtsaT1ys2Y8qZb6dZVkTOexQ2YAqycCE4TCD1bPXYRQzI2miiuiz2Ik0KK-3ommk7C4JM83jw1ZxZF3ZLka7xmILxKZcHqIkahPDltmF-yxox5yPKIwnbbgvu8M8oqgsZp33fEH-6I4p8jInzymDseYze0O0hDdHzb58aV-cmoDXb5YBQ5VDtQ",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5N2NkY2NkNC01M2M4LTQxMWUtYjAwOC02NTk1ODNiZjk5MDUifQ.eyJleHAiOjE3NTM5NTM4NzEsImlhdCI6MTc1Mzk1MjA3MSwianRpIjoiYTNjZTdlNmEtMzdmNy00MzkzLTgwYzktYTZmZjg2ODdlMjZhIiwiaXNzIjoiaHR0cHM6Ly9vYXV0aC5hbmEuc2svcmVhbG1zL1NpZ25hdHVzIiwiYXVkIjoiaHR0cHM6Ly9vYXV0aC5hbmEuc2svcmVhbG1zL1NpZ25hdHVzIiwic3ViIjoiZjNiZTFhNjYtNTUzZi00YWU4LTg5NTItNjc4ZDg1NTZkMDFiIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InNpZ25hdHVzIiwic2lkIjoiYTczMTkzMmItOTAyNC00ZWU5LWFlOTEtNWZlNTJmYWIzNjliIiwic2NvcGUiOiJwaG9uZSBncm91cHMgYmFzaWMgcm9sZXMgd2ViLW9yaWdpbnMgdGVuYW50aWQgYWNyIHByb2ZpbGUgZW1haWwifQ.vDFPITlWFHPSXQNVhcwSkJueybZmJfVtt33PI892CBExk68UhDVln5l9uMGBNgqq1rAyYpxouIMsr4vfbk2cvg",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "a731932b-9024-4ee9-ae91-5fe52fab369b",
"scope": "phone groups tenantid profile email"
}2) The access_token retrieved from the response must be used to construct the Authorization header for API requests, prefixed with the ‘Bearer’ scheme.”
| Authorization | Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJTGNWSnp4SFkyd1RDcGlLZU5Oa … |