How to get proper authorization via OAuth Access Tokens to call OPTT project API.
To receive access and work with the desired optt project API, you’ll need to obtain a valid access token which grants you a proper authorization for your request. This document describes all the required steps and information you’ll need to know. To begin, you must place this info in the header of all requests:
1- Request URL
https://gateway.optt.ca:8092/gateway/uaa/oauth/token
2- Request Method Type
POST
3- Input type
Query Parameter
A complete example of an API call:
https://gateway.optt.ca:8092/gateway/uaa/oauth/token?password=123456&username=institute&grant_type=yourpassword
Api Inputs:
| Parameter Name | Parameter Type | Description |
|---|---|---|
| username | string | Username of the Requester |
| Password | string | Requester password |
| grant_type | string | Always put a password |
Sample Response in JSON format:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDM2Njk1MDYsInVzZXJfbmFtZSI6Imluc3RpdHV0ZSIsImF1dGhvcml0aWVzIjpbIklOU1RJVFVURSJdLCJqdGkiOiI2NWJhNDFhNy05OThlLTQwZjEtYmUyYS1hMDI2YzYwZWQ3ZGQiLCJjbGllbnRfaWQiOiJvcHR0LTAyZWU3N2RjLWFjNDUtNDM0NC04MTdlLTE3Y2E1MmI1OGI1ZCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.LteUnSohWZOQNs9yTLnASVDdT1w1oZ6rJJYjFmx69x32_wpb7E_d5bsB0OFsBOXXLgSC0KHR2_W9uvETxZXJ_EfEQPtyDn2zpWCLnzyeup4cfNCGw9mQymgbxNuxXAJjFpw1E1s1gs7uWLZOk5aGVOW9qhVYP7LyuVB-AQVFKydJVb0SM6nJoyKWA95N3bysR8rh-q_PWMUU7ZNLSuXUnOBe9BiG0IJK0iN-fohJQdnR8FhA2aEirbdmHvlL2NVx57QyE7Q3QX5_-0DsFWQxuUhqgEsl_Ef3zB2BZUCymugodb-fuhw1fBDO0S_dPdLShz3ghGy1PeL3rUZsWyw5Uw”,
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJpbnN0aXR1dGUiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiYXRpIjoiNjViYTQxYTctOTk4ZS00MGYxLWJlMmEtYTAyNmM2MGVkN2RkIiwiZXhwIjoxNjAzNjY5NTA2LCJhdXRob3JpdGllcyI6WyJJTlNUSVRVVEUiXSwianRpIjoiZjQxNjJkYTUtZDlhMC00NjRkLWE1YTctNjkwNzI1NGRiNjYwIiwiY2xpZW50X2lkIjoib3B0dC0wMmVlNzdkYy1hYzQ1LTQzNDQtODE3ZS0xN2NhNTJiNThiNWQifQ.L3RuCnCBf1WYV1u9ini9VkbASdrZ0kzWBY6s7ybrasWtE1FxdvXJcBW36BSQ4BHYDjU4vzYb8KS0JmV9FeCwVUL7nF2Q5ytlYm6jbVTlTmdBMo7Kbc4xxF4XOG_qOT_tEgPv3jLzlK0XUFq_bZONF4Z_yHqQWZ0oV1aqj4oHv9hEKfnmsRihSgN3QG0twnl52hGPzUoO64CLXmmvg3iSGnZU2Ancit9Lqj4UXiaQGd2DjESngUwokAFzB3SwaUaa9idgDd-CiDA_-TyVV5qtO8toBi4YCfht8_1efwoAqw4TQ7knEEoqAxLPV5s7FPBp_FhOR6pnhkFKEEZolEkDPg",
"expires_in": 35999,
"scope": "read write",
"jti": "65ba41a7-998e-40f1-be2a-a026c60ed7dd"
}
Important Point:
It is better to save the service response in the client cache so that it can then read the token from the cache to call another API and put it in the header in next requests.
Second important point:
If the token mentioned in the service response time elapsed after the token expires, the token is no longer valid for the server.
To retrieve, you can use the API refresh token and receive a new valid token.