POST - Generating access token

Purpose

This API call performs an OAuth 2.0 Client Credentials Grant to obtain an access token for authentication and authorization. It enables a client application to authenticate itself with an authorization server and obtain a short-lived token for making secure API calls. The access_token is then used in the Authorization header of API requests to prove the client's identity and access rights.

Request URL 

Method: POST

https://{appconsole_IP}:{port_number}/oauth2/token/

Request Headers

The following headers must be included in the API request for successful authentication and data submission:

Authorization: DDI Central's OAuth implementation uses the Bearer authentication scheme. Hence, when making API calls, the access_token obtained via the OAuth 2.0 Client Credentials Grant must be included in the Authorization header of each request. This token verifies the client's identity and ensures appropriate permissions for accessing resources.

The Authorization Header follows the format below:

headers = { "Authorization": "Bearer {bearer_tk}" }


Content-Type: Required in the header to indicate the media type of the resource being sent. It helps the server at the receiving end understand how to process the transmitted request body.

The Content-Type Header follows the format below:

headers = { "Content-Type": "application/json" }

Request Body Form Data

  • client_id*  long(mandatory)
    •  The unique identifier for the client application. This is issued by the authorization server and is used to identify the application making the request.
  • client_secret*  string
    •  A secret key associated with the client ID, also issued by the authorization server. This is used to authenticate the application and should be kept secure.
  • grant_type*  string
    •  The type of OAuth 2.0 grant being used. In this case, it is set to "client_credentials" which indicates that the application is requesting an access token using its own credentials without user involvement.

 

* - Mandatory parameter.

 

Sample Request

{
     "client_id":"ab5a442c7d57bd3dcbdc0675e9bdd9f6e6d67d1171b043939ff5",
     "client_secret":"8c7f2eb1609125d43e945cee63501dff80c461166ccfe15291",
     "grant_type":"client_credentials"
}

The above sample request obtains an access token from the authorization server using the OAuth 2.0 Client Credentials Grant. A backend service or machine (not a user) uses this type of request to authenticate itself and access DDI Central's protected APIs without requiring user interaction.

Sample Response

{
   "access_token":"604c6b3c89688821edc3f852701b636e0c3d76bf5cc153dd76815d08",
   "expires_in":1800,
   "token_type":"Bearer",
   "scope":"read write"
}

You can store this data and reuse the access_token until the lifetime given in expires_in (in seconds) has elapsed, so that there is no need for authorization each time the end user accesses the registered client application. This completes the authentication.
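A client-side sketch of the flow on this page, added here as an example and not taken from DDI Central's own code: it builds the token request, keeps the token in memory, and requests a new one shortly before expires_in runs out. It assumes the body is sent as JSON as in the sample request; build_token_request, send, TokenCache, the 60-second refresh margin and the DDI_CLIENT_ID / DDI_CLIENT_SECRET environment variable names are hypothetical.

```python
import json
import time
import urllib.request

def build_token_request(base_url, client_id, client_secret):
    """Build (not send) the POST to /oauth2/token/ with the body from the sample request."""
    body = json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth2/token/",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def send(request, timeout=10):
    """Send over HTTPS with default certificate verification and parse the JSON reply."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))

class TokenCache:
    """Holds the token in memory only and refreshes it before it expires."""

    def __init__(self, fetch, clock=time.monotonic, skew=60):
        self._fetch = fetch    # callable returning the token response as a dict
        self._clock = clock
        self._skew = skew      # assumed margin: refresh this many seconds early
        self._token = None
        self._expires_at = 0.0

    def authorization_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):
        return "<TokenCache token=***>"  # keep the token out of logs and tracebacks

# Usage, with credentials read from the environment instead of source code:
#   req = build_token_request("https://{appconsole_IP}:{port_number}",
#                             os.environ["DDI_CLIENT_ID"], os.environ["DDI_CLIENT_SECRET"])
#   cache = TokenCache(lambda: send(req)); headers = cache.authorization_header()
```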