Authentication 👀

Overview

To get started with our APIs, use the endpoint below to generate an Access Token with your API credentials. The Access Token is a Bearer token to be included in the Authorization Header of all API requests

The client needs to authenticate themselves for this request. Typically the service will allow accepting the client ID and secret in the HTTP Basic auth header, and add user_id to represent the specific user.

Applicable for **users expecting to play various roles**. The user needs the clientId and client secret to complete the authentication.

🚧
When access token expires, response code 401 Unauthorized HTTP status code

Instructions

API Request

POST /api/v1/auth/oauth2/token?grant_type=client_credentials&user_id=xxxx HTTP/1.1
Host: api-dev.fintechautomation.com
Accept: application/json
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==

Data Model

Field	Type	Description	Optional/Required
`grant_type`	string	Must be `client_credentials`	required
`user_id`	string	UserId that AccelerationCloud assigned	required
`client_id`	string	Please see below for instructions on getting your credentials through Developer Dashboard	required
`client_secret`	string	Please see below for instructions on getting your credentials through Developer Dashboard	required

🔑
Do not ever share your client secret to others
Client credential authentication has the highest permission to impersonate anyone. It is the machine to machine integration.
Make sure to keep your API Secret saved somewhere secure. We can only share the API Secret once with you!

Success Response

{
  "access_token": "eyJraWQiOiJEcW9zNkJJMnQyV0xGeDRWcEFUWmJwRW5uemNlcEtqc0RZd0o5azVvZF9VIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULjVyMlFUWTk3QmRIYVZfYXMtT2RoMjJhTXBOZEdQZEoxVTRZYVpQUFJkaHMiLCJpc3MiOiJodHRwczovL2ZpbnRlY2hhdXRvbWF0aW9uc3NvLm9rdGFwcmV2aWV3LmNvbS9vYXV0aDIvYXVzM2JyenZic2trb1lkZmExZDciLCJhdWQiOiJhcGk6Ly90ZW5hbnQiLCJpYXQiOjE2OTM1MTIzNjQsImV4cCI6MTY5MzUxOTU2NCwiY2lkIjoiMG9hOW5rOTVtMjF2YndtRlkxZDciLCJ1aWQiOiIwMHU5cGd4NXl0TFpQYmRzZjFkNyIsInNjcCI6WyJvcGVuaWQiXSwiYXV0aF90aW1lIjoxNjkzNTEyMzA0LCJzdWIiOiJ0ZXN0QGVtYWlsLmNvbSIsImNsaWVudElkIjoiMG9hOW5rOTVtMjF2YndtRlkxZDcifQ.VLzqRsbw6eP7KawuioeP1HE4zpcrZLwmHEBbFLVOL-Zhau95u7dNltAQBVz9OP4RqTGo_kZ0Buzy0YH_hPXDqSj2rqyDe2Zj3WfNCEpO4JBLF-ybEyJRgkBwo-anJCxOFfdxGkC3MUFHEl2s-QDWqkN7E_giG0-PMRmrhk82m5oma4x8k6X4hEnfhp4oYu32r8HEtRgcz3inzPlwt4zWvIN045tjC35Qs9pNiw9SitjOP1_Tt7LkI13bnnj3u_xIm-U-_0FsH60NJIL1Bu1x1M-yyQ15b70MeqLnSs3jXFLDfO_cjAR1hfSL4z6Z3idExBALeC98ZJn1ISMofvmvHQ",
  "token_type": "bearer",
  "expires_in": 7200
}

Fail Response

{
    "code": 400,
    "errorMessage": "authentication failed",
    "error": null,
    "data": null
}

Next Step

Upon successful authentication, you could get your `access_token`. The access_token should be included in the Authorization HTTP header with every call to the API. Failure to include the access_token or using an expired token will result in a 401 response. For example, to use the above token in a subsequent request, include the following in the request's HTTP headers.

Authorization: Bearer KiTnwIKoPVhVhD-FIdQyEgokgcg2VlIU8YiFQ2x5BdM

Overview

🚧

When access token expires, response code 401 Unauthorized HTTP status code

Instructions

🔑

Do not ever share your client secret to others

Client credential authentication has the highest permission to impersonate anyone. It is the machine to machine integration.

Make sure to keep your API Secret saved somewhere secure. We can only share the API Secret once with you!

Next Step

When access token expires, response code `401 Unauthorized` HTTP status code