OAuth 2.0
Guardian APIs utilize the OAuth 2.0 protocol for authentication and authorization to the application. The protocol requires the use of credentials and an access token to complete authentication and authorization. These credentials and access token are specific to each client account.
Step 1: Obtain credentials
To authenticate to Guardian APIs you will need to obtain a few pieces of information. This information will be used to authenticate your application and validate the API calls. Your implementation specialist will provide the needed API credentials. The credentials consist of two sets of information: an API key (Client ID) and API Secret (Secret), and a Username and Password.
For example:
Client ID: ff1d4cfd1b8d7701234m
Secret: 0ffe99da824cc8d73620ec72781e5f68c0832swu
Username: example_test_user
Password: B%e9wmgh
This information is utilized to generate the access token. Save this information as it will be required to make API calls to the Guardian platform. For security purposes, do not share this information.
Step 2: Obtain an access token from the Guardian authorization server
In order to access data using a Guardian API, your application must obtain an access token. The access token will be used to validate API calls to the Guardian platform.
Using the credentials obtained in step 1, send a POST request to /oauth2/access_token/ on the Guardian API IP.
Example cURL request:
client_id=ff1d4cfd1b8d7701234m
client_secret=0ffe99da824cc8d73620ec72781e5f68c0832swu
username=example_test_user
passwd=B%e9wmgh
api_ip=https://exampleserver/oauth2/access_token
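# --data-urlencode percent-encodes the password, which contains a literal "%"
# -k skips TLS certificate verification; omit it when the server certificate is trusted
curl -k -X POST -d "client_id=$client_id&client_secret=$client_secret&grant_type=password&username=$username" --data-urlencode "password=$passwd" "$api_ip"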
Response:
When authentication is successful, the access token is generated. A response will be returned in JSON format and include the following parameters:
Field | Type | Description |
---|---|---|
access_token | string | A Guardian session key used to invoke REST API methods. This token must be passed as a parameter for each call. |
token_type | string | Bearer Token |
expires_in | number | The lifetime in seconds of the access token. |
refresh_token | string | A Guardian key that can be passed in a subsequent request to obtain a new Access Token. |
scope | string | “read”, “write” or “read+write” |
Example output:
{
  "access_token": "360c0290ca3a5fa90d7e11b67659ff3adeca8bc8",
  "token_type": "Bearer",
  "expires_in": 86399,
  "refresh_token": "30166263ca11d2ee34aa70b2aef779ce8d259feb",
  "scope": "read"
}
Access Token Refresh
You may choose to generate a new token at any time. To do so, send a new request and include the refresh_token parameter and value.
Example cURL request:
client_id=ff1d4cfd1b8d7701234m
client_secret=0ffe99da824cc8d73620ec72781e5f68c0832swu
username=example_test_user
the_refresh_token=30166263ca11d2ee34aa70b2aef779ce8d259feb
api_ip=https://exampleserver/oauth2/access_token
curl -k -X POST -d "refresh_token=$the_refresh_token&client_id=$client_id&client_secret=$client_secret&grant_type=refresh_token&username=$username" "$api_ip"
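The token request, response check and refresh decision from Step 2 and Access Token Refresh, as an added Python example that is not part of the Guardian documentation. The function names and the 60-second refresh margin are assumptions; the host is the page's placeholder.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://exampleserver/oauth2/access_token"  # placeholder host from the page
REQUIRED = ("access_token", "token_type", "expires_in", "refresh_token")


def _form(fields):
    # urlencode escapes '%', '&', '+' and '=' so secrets reach the server unchanged
    return urllib.parse.urlencode(fields).encode("ascii")


def password_grant_body(client_id, client_secret, username, password):
    """Form body for the Step 2 request (grant_type=password)."""
    return _form({"client_id": client_id, "client_secret": client_secret,
                  "grant_type": "password", "username": username,
                  "password": password})


def refresh_grant_body(client_id, client_secret, username, refresh_token):
    """Form body for the refresh request (grant_type=refresh_token)."""
    return _form({"refresh_token": refresh_token, "client_id": client_id,
                  "client_secret": client_secret, "grant_type": "refresh_token",
                  "username": username})


def parse_token_response(raw, now=None):
    """Check the documented fields and record an absolute expiry time."""
    token = json.loads(raw)
    missing = [f for f in REQUIRED if f not in token]
    if missing:
        raise ValueError("token response missing: " + ", ".join(missing))
    if str(token["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    issued = time.time() if now is None else now
    token["expires_at"] = issued + int(token["expires_in"])
    return token


def needs_refresh(token, now=None, margin=60):
    """True once the token is within `margin` seconds of expiry (margin is an assumption)."""
    current = time.time() if now is None else now
    return current >= token["expires_at"] - margin


def request_token(body, url=TOKEN_URL):
    """POST a grant body; urllib verifies the TLS certificate by default (no -k equivalent)."""
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Keep the credentials and the returned tokens out of source control and logs; load them from the environment or a secret store before calling `password_grant_body`.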
"