Token request
CE-API provides the Requests token for a user. endpoint to obtain the access and refresh tokens to be used for calls to API endpoints. To authenticate with the CE-API an end-user must provide a username
, password
, client_id
and client_secret
to the /token
endpoint to obtain an access token (access_token
) and refresh token (refresh_token
). Once authenticated the access token can be used for calls to API endpoints. The access token is short-lived (1 hour).
The
client_id
andclient_secret
will be provided to the customer once the dedicated instance of the NET2GRID Insight Platform has been setup and/or when a new labelpartner is added in the platform.
An example call in cURL format is described below:
curl --location --request POST '<CE_API_BASE_URL>/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'username=<EMAIL_ADDRESS>' \
--data-urlencode 'password=<PASSWORD>' \
--data-urlencode 'grant_type=password'
The response of the token call will be like:
{
"access_token": "<ACCESS_TOKEN>",
"refresh_token": "<REFRESH_TOKEN>",
"id_token": "<ID_TOKEN>",
"expires_in": 3600,
"token_type": "Bearer",
"scope": []
}
It is important that applications do not store the username and password for end-users, but instead rely on the refresh token flow to renew access tokens once they're no longer valid.
When a new access token is needed, the application can make a POST request back to the token endpoint using a grant type of refresh_token
to request a new access token. Refresh tokens are much longer lived, configured to expire in 30 days by default.
If you need to extend the expiration time of refresh tokens beyond 30 days, please contact us
An example call in cURL format is described below:
curl --location --request POST '<CE_API_BASE_URL>/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'refresh_token=<REFRESH_TOKEN>' \
--data-urlencode 'grant_type=refresh_token'
And the response will be similar to the above
The response of the token call will be like:
{
"access_token": "<ACCESS_TOKEN>",
"refresh_token": "<REFRESH_TOKEN>",
"id_token": "<ID_TOKEN>",
"expires_in": 3600,
"token_type": "Bearer",
"scope": []
}
Updated 6 months ago