Change log:
Date: | Author: | Version: | Changes: | Completed | Ext. | Int. | Is in Core | Jira Ref. |
|---|---|---|---|---|---|---|---|---|
15 November 2018 | Emil Ion Ifrim | 1.0 | Doc. created | Yes |
x | N/A |
The purpose of this section is to describe how to authenticate when making API calls using the Rator REST API.
...
For obtaining access/bearer tokens the following of RFC-6749's grant flows are only "password" grant flow is supported, plus a custom password flow for authentication of Operators:
...
$ curl -v -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=operator_password&username={myoperatorusername}&password={myoperatorpassword}&brandKey={myBrandKey}"3. Client Credentials Grant
Somewhat like the existing "2-LO" flow for OAuth 1. Obtain an access token that represents not an end user, but the owner of the client/consumer:
$ curl -v -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=client_credentials&brandKey={myBrandKey}"Making Requests
Once you have an access token, one can use it in a request as a request header: Authorization: Bearer {access_token}
...