Authentication
To authenticate your application we support OAuth2 and API Keys. So pass allong an OAuth2 bearer token or API key in the header with your API request and you'll be fine.
Warning: Always keep your keys secret and do not expose them to your users as that will make you vulnerable to attacks and unrecoverable data loss.
API Keys
This is the easiest option. Just create an API key in the Settings > Api Integrations section of your Offorte account and use it in an Authorization header of your API request.
curl -X GET https://connect.offorte.com/api/v2/[your_account_name]/hello -H "Authorization: [your_api_key]"
OAuth2
OAuth2 is a secure option that allows third-party applications to access a server without passing user credentials or API keys. There are a lot of resources online on OAuth2
1. Implement an OAuth2 library.
2. Register your app within your Offorte Account (settings => API). Here you can create your app and will be assigned a client_id and client_secret. Also provide a redirect_uri where we optionally can send the verification code.
3. Request authorization on the following url:
https://[your_account_name].offorte.com/oauth2/authorize
and add the following GET params to your request:
| Param | Value |
|---|---|
| client_id | [YOUR_CLIENT_ID] |
| redirect_uri | [YOUR_REDIRECT_URL] |
| response_type | 'code' |
4. Request an access token by doing a POST on the following url:
https://[your_account_name].offorte.com/oauth2/token
and add the following params (form post data) to your request, we will return the access code in json:
| Param | Value |
|---|---|
| client_id | [YOUR_CLIENT_ID] |
| client_secret | [YOUR_CLIENT_SECRET] |
| redirect_uri | [YOUR_REDIRECT_URL] (should be the same as in step 3) |
| code | [CODE] (obtained in step 3) |
| grant_type | 'authorization_code' |
5. Try to make an authorized request to
https://connect.offorte.com/api/v2/[your_account_name]/hello
Use the access code obtained in step 4 as a header Bearer authentication code
Refresh tokens
When your access token expires (30 days), you can generate a new access token using the refresh token you received in conjunction with your access token.
curl -X POST https://[your_account_name].offorte.com/oauth2/refresh-token \
--data "grant_type=refresh_token" \
--data "client_id=XXX" \
--data "client_secret=XXX" \
--data "refresh_token=XXX"