Authentications
- Jo Dybdal (Deactivated)
- Andris Nolendorfs (Deactivated)
Before you start you need to obtain the following information
CLIENT_ID="my client id"
CLIENT_SECRET="my client secret"
API_USERNAME="my KODE API username"
API_PASSWORD="my KODE API password"To get this information, please contact support@ambita.com
In order to obtain a token, run the following
curl -s -H "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
{
\"grant_type\": \"password\",
\"client_id\": \"CLIENT_ID\",
\"client_secret\": \"CLIENT_SECRET\",
\"username\": \"API_USERNAME\",
\"password\": \"API_PASSWORD\"
}"Example response
{
"access_token": "ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a",
"scope": [
"kode.order.write",
"kode.order.read",
"kode.product.read",
"kode.price.read",
...
]
}The access_token is valid for 1 hour and should be reused until it expires. When the token expires, the API will return 401 UNAUTHORIZED.
To get a new access_token you can use the refresh token grant_type
The refresh_token is valid for 30 days and should be stored securely and only be used to get new access_token. The refresh token grant_type will also return a new refresh_token, you should replace your existing refresh_token with the new one, the new refresh_token is valid for another 30 days. If the refresh_token expires, you need to authenticate with client, credentials and grant_type password again.
More information about OAuth can be found here: https://www.oauth.com/
The token should be a request header and should be added in the Authorization header as shown below