Page tree
Skip to end of metadata
Go to start of metadata

Interaction of the service requires client authorization. The client authorization is made via the OAuth 2.0 protocol.

To get a token, you should send a POST request (x-www-form-urlencoded) to URL:


Valuable parameters and their possible values:

grant_type: type of authentication, available value: client_credentials;

client_id: client identifier, equal to Account;

client_secret: client's secret key, equal to Secure password.


In response to the access request, the following information will be returned:

access_token: jwt-token;

token_type: token type (always takes value "bearer");

expires_in: lifetime of the token (default value: 3,600 seconds);

scope: scope of the token (access to and operations with objects);

jti: unique identifier of the token.

Then, when the user refers to the service methods, the received token is transmitted in the request header in the following form:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJvcmRlcjphbGw...


Sample Request:

KEY

VALUE

grant_type

client_credentials

client_id

epT5FMOa7IwjjlwTc1gUjO1GZDH1M1rE

client_secret

cYxOu9iAMZYQ1suEqfEvsHld4YQzjY0X

Sample Response
{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJvcmRlcjphbGw...",
    "token_type": "bearer",
    "expires_in": 3599,
    "scope": "order:all payment:all",
    "jti": "9adca50a-..."
}
  • No labels