Introduction

Before you can access or manipulate the available resources, you have to get a token. You then have to provide this token in the request header each time you access or manipulate a resource.

...

Before you can use the Ambita APIs, including the authentication API, you need to request a token.

How to request a Token

To request a token you use the authentication service. This service has a resource called token. On the token resource, you can use the POST method to get the authentication service to generate a token for you. When posting this request you have to provide some credentials.

...

The parameters to the token service are sent as form data with content type application/x-www-form-urlencoded.

Client credentials grant

To obtain an access (and refresh) token you must call the token service POST /authentication/v2/token. Required parameters are:

...

Code Block
{
  "access_token" : "091ec7e2-40c5-43ea-9fb8-13e9f50b6db0",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "4db616c4-c72e-4022-96cc-f95816185531",
  "scope":[]
}
            

Password credentials grant

To obtain an access (and refresh) token you must call the token service POST /authentication/v2/token. Required parameters are:

...

Code Block
{
  "access_token" : "091ec7e2-40c5-43ea-9fb8-13e9f50b6db0",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "4db616c4-c72e-4022-96cc-f95816185531",
  "scope":[]
}

            

Trusted grant

To obtain an access (and refresh) token you must call the token service POST /authentication/v2/token.

...

Code Block
{
  "access_token" : "091ec7e2-40c5-43ea-9fb8-13e9f50b6db0",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "4db616c4-c72e-4022-96cc-f95816185531",
  "scope":[]
}

            

Refresh a token

When a token expires, the client must choose between refreshing the token using the refresh_token or authenticating again as described above. Refreshing a token is similar to authenticating: you post to the token service POST /authentication/v2/token but use grant_type=refresh_token. Non-confidential clients don't need to send client_id and client_secret. For confidential clients the following parameters are required:

...

  • grant_type=refresh_token

  • refresh_token=<refresh_token>
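
Client-side handling of the refresh flow above, as an added example that is not Ambita's own code: it tracks expiry from expires_in, keeps the token values out of log output, and builds (without sending) the form-encoded POST to /authentication/v2/token. The host api.example.invalid, the 60-second refresh margin and the names TokenState and build_refresh_request are assumptions.

```python
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass, field

TOKEN_PATH = "/authentication/v2/token"   # path given on this page
BASE_URL = "https://api.example.invalid"  # placeholder host (assumption)

@dataclass
class TokenState:
    access_token: str = field(repr=False)   # repr=False keeps secrets out of logs
    refresh_token: str = field(repr=False)
    token_type: str
    expires_at: float                       # absolute deadline on the monotonic clock

    @classmethod
    def from_response(cls, body, now=None):
        """Build state from the parsed JSON token response shown on this page."""
        now = time.monotonic() if now is None else now
        return cls(body["access_token"], body["refresh_token"],
                   body["token_type"], now + int(body["expires_in"]))

    def needs_refresh(self, now=None, skew=60):
        """True once the token is within `skew` seconds of expiry (assumed margin)."""
        now = time.monotonic() if now is None else now
        return now >= self.expires_at - skew

def build_refresh_request(state, client_id=None, client_secret=None):
    """Return an unsent POST; pass client credentials only for confidential clients."""
    if (client_id is None) != (client_secret is None):
        raise ValueError("client_id and client_secret must be given together")
    form = {"grant_type": "refresh_token", "refresh_token": state.refresh_token}
    if client_id is not None:
        form.update(client_id=client_id, client_secret=client_secret)
    return urllib.request.Request(
        BASE_URL + TOKEN_PATH,
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

# Constructed sample input: the response body shown on this page.
SAMPLE = {"access_token": "091ec7e2-40c5-43ea-9fb8-13e9f50b6db0",
          "token_type": "Bearer", "expires_in": 3600,
          "refresh_token": "4db616c4-c72e-4022-96cc-f95816185531", "scope": []}
```
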

Calling a service that demands an access token

When calling a service that requires an access token, the client must first obtain a token and then add the access token to the request header like this:

...