Authentication
The LipaLater API uses the Client Credentials Flow (defined in OAuth 2.0 RFC 6749, section 4.4) for authentication and authorization. The client application is expected to pass along a Client ID and Client Secret in order to authenticate and receive an access token. To obtain your Client ID and Client Secret, please send a request to devops@lipalater.com and they will be generated for you.
How it works
- The client app authenticates with our Authorization Server (/api/v2/oauth/token) using its Client ID and Client Secret.
- Our Authorization Server validates the Client ID and Client Secret.
- We will then respond with an Access Token.
- The client application can use the Access Token to call our API and our API responds with the requested data.
Sample Request
Request to retrieve Access Token
curl -i -X POST 'https://core-v2-multi-country.herokuapp.com/api/v2/oauth/token' \
-d "grant_type=client_credentials" \
-d "client_secret=<client_secret>" \
-d "client_id=<client_id>" \
-d "scope=read write"
Response from Authorization server
{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 7198,
"scope": "read write",
"created_at": 1606123568
}
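Client-side handling of this flow, as an added example that is not LipaLater's own code: it sends the same form fields as the curl sample, derives the expiry from the created_at and expires_in fields of the response, and reuses the token until shortly before it lapses. TokenCache, fetch_token, the 60-second skew and the Authorization: Bearer header (implied by the Bearer token_type) are assumptions of this example.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://core-v2-multi-country.herokuapp.com/api/v2/oauth/token"


def fetch_token(client_id, client_secret, scope="read write"):
    """POST the same form fields as the curl sample; return the parsed JSON."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body)  # data= makes it a POST
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuses a token until shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0

    def _store(self, resp):
        if resp.get("token_type", "").lower() != "bearer" or not resp.get("access_token"):
            raise ValueError("unexpected token response")
        # Expiry comes from the server's own fields: created_at + expires_in.
        issued = resp.get("created_at", self._clock())
        self._expires_at = issued + int(resp["expires_in"])
        self._token = resp["access_token"]

    def auth_header(self):
        # Refresh when no token is held or it is within `skew` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._store(self._fetch())
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):
        return "<TokenCache token=***>"  # keep the token out of logs and tracebacks
```

Construct it as TokenCache(lambda: fetch_token(client_id, client_secret)), loading both values from the environment or a secret store rather than from source code.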