Authentication
Introduction
A new authentication method is going to be applied in AM-API very soon.
This is the first step of the aim to apply the complete oAuth 2.0 authentication method within the next months.
The new authentication method will be backwards compatible and co-exist along with the current API keys authentication method for the next 6 months as per the NET2GRID API deprecation policy.
The current API keys for Customers who start utilizing the new authentication method will be removed.
API Reference and this Guide will be updated as soon as the new Authentication method is readily available to be utilized in Production.
Along with this change:
- Authentication will be restricted to labelpartner level
- Admin access will still be supported
- Customers will not need to proceed to any further action at a later stage when NET2GRID aims to implement the full oAuth Authentication method.
New authentication method
Solution
A new token Endpoint is going to be available through which Customers can request a token, by providing the relevant client credentials. The token, once granted, will not expire and from that point on, will be utilized to access the API.
Client Credentials
The client_id will:
- be 24 length random generated string
- include upper and lower case letters
- include numbers
- not include special characters
The client_secret will:
- be 50 characters long alphanumeric
- include upper and lower case letters
- include numbers
- not include special characters
The generated token:
- can be used to all the endpoints of the AM-API as a Bearer Token
- will not expire
Token Endpoint
A new endpoint will be available in the AM-API for the user to request a token by
providing the client credentials:
- client_id
- client_secret
| POST | https://AM_API_BASE_URL/v1/token |
|---|---|
| body | client_id client_secret grant_type |
Input
| Parameter | Type | Description | Required |
|---|---|---|---|
| client_id | string | The client ID of the user | ☑️ |
| client secret | string | The client secret of the user | ☑️ |
| grant_type | string | The grant type of the request which is optional and is "client_credentials" by default. (should be “client_credentials”, elsewise an error will be thrown.) | ✖️ |
Output
| Parameter | Type | Description |
|---|---|---|
| access_token | string | The access token that’s returned (a JWT token) |
| token_type | string | The type of the token (Bearer) |
| expires_in | integer | The expiration of the token |
The expires_in value will be static for now. This parameter is added in order to smoothen the transition for the future authentication increment that is to be implemented. The static value of this variable will be the 3600 and it will represent seconds.
Potential error codes
| Error Code | Description |
|---|---|
| 400 | Invalid request, indicating an unsupported grant type or a malformed request |
| 401 | Invalid client_id and client_secret combination |
| 500 | Unexpected server error |
Updated over 1 year ago