...
Before you can use the Ambita-APIs including the authentication-API, you need to request a token.
A prerequisite for requesting a token is to obtain a client and a client secret(And possible a user and password, depending on the grant_type). In order to obtain this information is a manual process and you need to contact Ambita Customer Service.
How to request a Token
To request a token you use the authentication service. This service has a resource called token. On the token resource, you can use the POST method to get the authentication service to generate a token for you. When posting this request you have to provide some credentials.
...
Parameters must be send using MIME type application/x-www-form-urlencodedor application/json.
| Code Block |
|---|
https://beta-api.ambita.com/authentication/v2/token
client_id=anClientId&client_secret=theSecret&grant_type=client_credentials
|
...
The user must be registered in the Ambita Usercatalog. Parameters must be send Example below is using MIME type application/x-www-form-urlencoded.
| Code Block |
|---|
https://beta-api.ambita.com/authentication/v2/token
username=12000aUser&grant_type=trusted&client_id=aClientId&client_secret=aClientSecret
|
If authentication is successful, a JSON will be returned:
| Code Block |
|---|
{ "access_token" : "091ec7e2-40c5-43ea-9fb8-13e9f50b6db0", "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "4db616c4-c72e-4022-96cc-f95816185531", "scope":[] } |
Refresh a token
When a token expires the client must choose between refreshing the token using the refresh_token or authenticating again as described above. Refreshing a token is pretty similar to authenticating. You don't need to send in client_id and client_secret for non-confidential clients. You post to the token service POST /authentication/v2/token but uses grant_type=refresh_token. For confidential clients the following parameters are required:
...