Authentication
Security
- Authentication and authorization
  - Account Management API enforces OAuth2.0 authentication for all incoming requests.
  - Only authorized clients with valid access tokens are allowed to access protected resources.
- Transport Security
  - All communication with the Account Management API must be performed over HTTPS.
  - The API enforces the use of secure versions of TLS that are 1.2 or higher.
- Access Levels: There are 2 access levels supported on Account Management API:
  - Labelpartner access level: Access is restricted to create, access, update and delete resources that belong to this labelpartner.
  - Admin access level: All resources are accessible by this access level.
It is recommended that labelpartner access is used by the Customer. NET2GRID provides such access by default upon Customer onboarding.
Using the Account Management API
To authenticate with the Account Management API, you need to supply a client_id and client_secret to the /token endpoint to obtain an access_token. Once authenticated, the access token can be used for calls to API endpoints.
NET2GRID will provide the client_id and client_secret upon Customer onboarding or when adding a new labelpartner to the dedicated NET2GRID Insight Platform instance that has been created for the Customer.
Client credentials
The client_id will:
- be a randomly generated string of 24 characters
- include upper and lower case letters
- include numbers
- not include special characters
The client_secret will:
- be a 50-character alphanumeric string
- include upper and lower case letters
- include numbers
- not include special characters
Requesting a token
The token is provided by the POST /token endpoint and is in JWT format.
An example call in cURL format is shown below:
curl --location --request POST 'https://<AM_API_BASE_URL>/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>' \
--data-urlencode 'grant_type=client_credentials'
The response to the token call will look like:
{
  "access_token": "<ACCESS_TOKEN>",
  "expires_in": 3600,
  "token_type": "Bearer"
}
Authenticated calls
All endpoint calls can then be executed by providing the access token in the Authorization header.
An example cURL call for GET account is shown below:
curl --location --request GET 'https://<AM_API_BASE_URL>/v1/account/<account-id>' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
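The token flow above as a small Python client, added here as an illustration and not taken from NET2GRID's own code: it requests a token with the client_credentials grant, refuses TLS below 1.2 on the client side, and reuses the token until shortly before expires_in elapses instead of calling /token for every request. The names TokenCache, fetch_token, tls_context and the 60-second skew are assumptions of this example; BASE_URL is the page's placeholder.

```python
import json
import ssl
import time
import urllib.parse
import urllib.request

BASE_URL = "https://<AM_API_BASE_URL>/v1"  # placeholder from the page


def tls_context():
    """Default certificate verification, refusing anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_token(client_id, client_secret):
    """POST /token with the client_credentials grant; returns the parsed JSON."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(
        BASE_URL + "/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req, context=tls_context(), timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuses a token until `skew` seconds before expires_in elapses."""

    def __init__(self, client_id, client_secret, fetch=fetch_token,
                 clock=time.monotonic, skew=60):  # skew is an assumed margin
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Header for authenticated calls; refreshes the token when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._fetch(*self._creds)
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = reply["access_token"]
            self._expires_at = (self._clock() + int(reply["expires_in"])
                                - self._skew)
        return {"Authorization": "Bearer " + self._token}
```

Load client_id and client_secret from a secret store or environment variable rather than source code, and keep the access token out of logs.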
Updated 11 months ago