Guides

Token request

Suggest Edits

CE-API provides the POST /token endpoint to obtain the access and refresh tokens to be used for calls to API endpoints.

To authenticate with the CE-API an application must provide a username, password, client_id and client_secret via the POST /token endpoint, to obtain an accessand refresh token. Once authenticated the access token can be used for calls to API endpoints. The access token is short-lived (1 hour).

📘

The client_id and client_secret will be provided to the customer once the dedicated instance of the NET2GRID Insight Platform has been setup and/or when a new labelpartner is added in the platform.

An example call in cURL format is described below:

curl --location --request POST '<CE_API_BASE_URL>/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'username=<EMAIL_ADDRESS>' \
--data-urlencode 'password=<PASSWORD>' \
--data-urlencode 'grant_type=password'

The response of the token call will be like:

{
    "access_token": "<ACCESS_TOKEN>",
    "refresh_token": "<REFRESH_TOKEN>",
    "id_token": "<ID_TOKEN>",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": []
}

🚧

It is important that applications do not store the username and password for end-users, but instead rely on the refresh token flow to renew access tokens once they're no longer valid.

Refresh Token

When a new access token is needed, the application can make a POST request back to the token endpoint using a grant type of refresh_token to request a new access token. Refresh tokens are much longer lived, configured to expire in 30 days by default.

📘

If you need to extend the expiration time of refresh tokens beyond 30 days, please contact us

An example POST /token call in cURL format is described below with the refresh_token grant:

curl --location --request POST '<CE_API_BASE_URL>/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'refresh_token=<REFRESH_TOKEN>' \
--data-urlencode 'grant_type=refresh_token'

And the response will be similar to the above.

Its response will be similar to the aforementioned where the password grant_type was provided. It is recommended to request access tokens with the refresh_token grant whenever possible to enhance application performance.

🚧

Once the Refresh token has also expired, then the access token needs to be retrieved again with the password grant.

Updated 13 days ago