Authenticate

 

All API requests must be sent over HTTPS.
Authentication is provided to API implementors via the Authentication Service.
This service follows the Oauth2 specification and provides services for both web server based applications and browser based applications.

Implementors will be assigned a orgid, username, password, client_id and client_secret value to associate with the implemented application.
Authentication methods will utilize these in conjunction with user credentials to make requests for data.

A two step process allows an application to pass the user to the server for collection of user specific credentials.
An authorization code is then issued which the application then exchanges for an access token.
The access token is then passed as a parameter in further API data requests.

Retrieve Authorization Code

1. URI: https://SERVERURL/api/en-US/OAuth/AccessToken
2. Body: grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}
3. Authorization: aBase64EncodeFunction({userName};{password}) You can use https://www.base64encode.org/ to encode - make sure to put a semicolumn ; between the username and password
4. Response items: access_token

Example Request:
 POST: https://SERVERURL/api/en-US/OAuth/AccessToken
 Body: grant_type=client_credentials&client_id=2F199911-58E2-455F-A474-7BBB74850AF7&client_secret=D728D73C-3AD6-4AF0-A63B-4D0A1037AA29

 Headers:
 Content-Type: application/x-www-form-urlencoded
Authorization: MkYxOTk5MTEtNThFMi00NTVGLUE0NzQtN0JCQjc0ODUwQUY3O0Q3MjhENzND LTNBRDYtNEFGMC1BNjNCLTREMEExMDM3QUEyOQ==
Example Response:
{
    "access_token" : "79bdabae-bab8-481d-b5e7-699f262725f3",
    "token_type" : null,
    "Expires_in" : 31536000,
    "IsLoggedin" : false,
    "Error" : null,
    "PasswordExpirationDays" : 99999999,
    "LoginUrl" : "SERVERNAME",
    "ServerName" : "SERVERNAME",
    "DeviceId" : null,
    "LdLoginId" : null
}