Authentication / Authorization
Authentication and authorization are handled through OAuth 2.0.
To get access to the protected resources OAuth 2.0 uses Access Tokens. An Access Token is a string representing the granted permissions.
To access the Dataloy API, you must request an Access Token.
To obtain an access token, send a POST request to the provided URL, passing the client ID and client secret in the payload.
Example of POST payload to token URL
Parameter Name | Description |
---|---|
grant_type | Set this to "client_credentials". |
client_id | Your M2M Client ID. |
client_secret | Your M2M Client Secret. |
audience | The audience for the token, which is your API. For production environments use "https://dataloy". For test and DEV environments use "https://dataloy.dev". |

If all goes well, you'll receive an HTTP 200 response with a payload containing `access_token`, `token_type`, and `expires_in` values:

To call an API endpoint you must pass the retrieved Access Token as a Bearer token in the Authorization header of your HTTP request.

```
curl https://{URL}/ws/rest/{Resource} -H "Authorization: Bearer eyJ.........qLbZQ"
```

When an endpoint is invoked with an expired token, the server sends an HTTP 401 response with the following payload:

The client should not ask for a new token for each call but use the same token as long as it is valid.
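One way to follow the token-reuse guidance above, as an added example that is not Dataloy's own code: a small cache that requests a token only when none is held, when `expires_in` has nearly elapsed, or when the API answers 401. The `post` and `send` callables, the `.example` URLs, and the 30-second refresh margin are assumptions; plug in your HTTP client and the token URL you were given.

```python
import time


class TokenCache:
    """Fetches a client-credentials token once and reuses it until it expires."""

    def __init__(self, post, token_url, client_id, client_secret, audience,
                 skew=30, clock=time.monotonic):
        # post(url, payload) -> dict is an assumed transport, not a Dataloy API
        self._post, self._token_url = post, token_url
        self._payload = {"grant_type": "client_credentials", "client_id": client_id,
                         "client_secret": client_secret, "audience": audience}
        self._skew, self._clock = skew, clock  # skew: refresh this early (assumed 30 s)
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._post(self._token_url, self._payload)
            if not body.get("access_token") or str(body.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token response")  # do not log the body
            self._token = body["access_token"]
            self._expires_at = self._clock() + float(body["expires_in"]) - self._skew
        return self._token

    def call(self, send, url):
        """send(url, headers) -> (status, body); refreshes once if the API answers 401."""
        for _ in range(2):
            status, body = send(url, {"Authorization": "Bearer " + self.token()})
            if status != 401:
                break
            self._token = None  # token rejected: drop it so the retry fetches a new one
        return status, body


def demo():
    """Constructed offline run: fake token endpoint and fake API, no network."""
    now, issued = [0.0], []
    def post(url, payload):
        issued.append("tok%d" % (len(issued) + 1))
        return {"access_token": issued[-1], "token_type": "Bearer", "expires_in": 3600}
    def send(url, headers):
        ok = headers["Authorization"] == "Bearer " + issued[-1]
        return (200, "ok") if ok else (401, "expired")
    cache = TokenCache(post, "https://token.example/oauth/token", "id", "secret",
                       "https://dataloy.dev", clock=lambda: now[0])
    for _ in range(3):
        cache.call(send, "https://api.example/ws/rest/Resource")
    after_reuse = len(issued)  # three API calls, one token request
    now[0] = 3600 - 30         # reach the refresh point
    cache.call(send, "https://api.example/ws/rest/Resource")
    return after_reuse, len(issued)
```

Keep the client secret and the cached token out of logs and error messages, and load the secret from a secret store or environment rather than source code.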