Authentication

The LipaLater API uses the Client Credentials Flow (defined in OAuth 2.0, RFC 6749, section 4.4) for authentication and authorization. The client application is expected to pass along a Client ID and Client Secret in order to authenticate and receive an access token. To retrieve your Client ID and Client Secret, please send a request to devops@lipalater.com and they will be generated for you.

How it works

  1. The client app authenticates with our Authorization Server at /api/v2/oauth/token using its Client ID and Client Secret.
  2. Our Authorization Server validates the Client ID and Client Secret.
  3. We will then respond with an Access Token.
  4. The client application can use the Access Token to call our API and our API responds with the requested data.

Sample Request

Request to retrieve Access Token

curl -i -X POST 'https://core-v2-multi-country.herokuapp.com/api/v2/oauth/token' \
-d "grant_type=client_credentials" \
-d "client_secret=<client_secret>" \
-d "client_id=<client_id>" \
-d "scope=read write"

Response from Authorization server

{
  "access_token": "<access_token>",
  "token_type": "Bearer",
  "expires_in": 7198,
  "scope": "read write",
  "created_at": 1606123568
}
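
Token caching example

The following Python sketch is an added example, not LipaLater's own code. It builds the same token request as the curl call above, validates the response, and reuses the Access Token until shortly before created_at + expires_in. The names TokenCache, REFRESH_SKEW and SAMPLE_RESPONSE, the Authorization: Bearer header format, and the reading of created_at as Unix seconds are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://core-v2-multi-country.herokuapp.com/api/v2/oauth/token"
REFRESH_SKEW = 60  # assumption: renew this many seconds before expiry
# Constructed sample in the shape of the response shown on this page.
SAMPLE_RESPONSE = b'{"access_token": "example-token", "token_type": "Bearer", "expires_in": 7198, "scope": "read write", "created_at": 1606123568}'


def build_token_request(client_id, client_secret, scope="read write"):
    """Form-encoded POST equivalent to the curl call on this page."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def parse_token_response(raw):
    """Return (access_token, absolute expiry as Unix seconds)."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    # Assumption: created_at is a Unix timestamp in seconds.
    return doc["access_token"], int(doc["created_at"]) + int(doc["expires_in"])


class TokenCache:
    """Fetches a token on first use and again shortly before it expires."""

    def __init__(self, client_id, client_secret, fetch=None):
        self._creds = (client_id, client_secret)
        self._fetch = fetch or self._http_fetch  # fetch is injectable for tests
        self._token, self._expires_at = None, 0

    def _http_fetch(self):
        with urllib.request.urlopen(build_token_request(*self._creds), timeout=10) as resp:
            return resp.read()

    def auth_header(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at - REFRESH_SKEW:
            self._token, self._expires_at = parse_token_response(self._fetch())
        return {"Authorization": "Bearer " + self._token}
```

Load the Client ID and Client Secret from the environment or a secrets store rather than hard-coding them, and keep the token out of logs.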