Authentication / Authorization

Authentication and authorization are done through OAuth 2.0.

To grant access to protected resources, OAuth 2.0 uses Access Tokens. An Access Token is a string representing the granted permissions.

To access the Dataloy API, you must request an Access Token.

To obtain an Access Token, send a POST request to the provided URL, passing the client ID and client secret in the payload.

Example of POST payload to token URL

Parameters

| Parameter Name | Description |
| --- | --- |
| grant_type | Set this to "client_credentials". |
| client_id | Your M2M Client ID. |
| client_secret | Your M2M Client Secret. |
| audience | The audience for the token, which is your API. For production environments use "https://dataloy". For test and DEV environments use "https://dataloy.dev". |

Response

If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, token_type, and expires_in values:

Call API endpoint

To call an API endpoint you must pass the retrieved Access Token as a Bearer token in the Authorization header of your HTTP request.

curl https://{URL}/ws/rest/{Resource} -H "Authorization: Bearer eyJ.........qLbZQ"

When an endpoint is invoked with an expired token, the server sends an HTTP 401 response with the following payload:

The client should not ask for a new token for each call but use the same token as long as it is valid.
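
One way to follow this rule in a client, as an added example that is not Dataloy's own code: the token is cached until shortly before expires_in elapses and is refreshed once if a call returns HTTP 401. Assumptions: TOKEN_URL is a placeholder for the token URL you were given, the payload is sent as JSON, the 60-second margin is arbitrary, and the names fetch_token, TokenCache and call_api are hypothetical.

```python
import json
import time
import urllib.error
import urllib.request

TOKEN_URL = "https://token-url.invalid/"  # placeholder for the token URL you were given
MARGIN = 60  # assumed safety margin (seconds) before expires_in elapses

def fetch_token(client_id, client_secret, audience, url=TOKEN_URL):
    """POST the four parameters from the table; returns the parsed response."""
    body = json.dumps({  # assumption: JSON body, the page does not state the encoding
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "audience": audience}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # access_token, token_type, expires_in

class TokenCache:
    """Holds one access token and reuses it until shortly before expiry."""
    def __init__(self, fetch, clock=time.monotonic):
        self._fetch, self._clock = fetch, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            data = self._fetch()
            self._token = data["access_token"]
            self._expires_at = self._clock() + int(data["expires_in"]) - MARGIN
        return self._token

    def invalidate(self):
        """Drop the token, e.g. after an HTTP 401 for an expired token."""
        self._token = None

def call_api(cache, url, opener=urllib.request.urlopen):
    """GET url with the Bearer token; on a 401, refresh once and retry."""
    for attempt in (1, 2):
        req = urllib.request.Request(
            url, headers={"Authorization": "Bearer " + cache.get()})
        try:
            with opener(req, timeout=10) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code != 401 or attempt == 2:
                raise
            cache.invalidate()
```

Build the cache with a zero-argument callable, for example TokenCache(lambda: fetch_token(client_id, client_secret, "https://dataloy.dev")), and read the client secret from a secret store or environment variable rather than source code.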
