Authentication
To authenticate your application we support OAuth2. So pass allong an OAuth2 bearer token with your API request and you'll be fine.
OAuth2
OAuth2 is a secure option that allows third-party applications to access a server without passing user credentials or API keys. There are a lot of resources online on OAuth2
1. Implement an OAuth2 library.
2. Register your app within your Offorte Account (settings => API). Here you can create your app and will be assigned a client_id and client_secret. Also provide a redirect_uri where we optionally can send the verification code.
3. Request authorization on the following url: https://[your_account_name].offorte.com/oauth2/authorize and add the following GET params to your request:
| Param | Value |
|---|---|
| client_id | [YOUR_CLIENT_ID] |
| redirect_uri | [YOUR_REDIRECT_URL] |
| response_type | 'code' |
4. Request an access token by doing a POST on the following url: https://[your_account_name].offorte.com/oauth2/token and add the following params to your request, we will return the access code in json:
| Param | Value |
|---|---|
| client_id | [YOUR_CLIENT_ID] |
| client_secret | [YOUR_CLIENT_SECRET] |
| redirect_uri | [YOUR_REDIRECT_URL] |
| code | [CODE] (obtained in step 3) |
| grant_type | 'authorization_code' |
5. Try to make an authorized request to https://connect.offorte.com/api/v2/[your_account_name]/hello Use the access code obtained in step 4 as a header Bearer authentication code
Refresh tokens
When your access token expires (30 days), you can generate a new access token using the refresh token you received in conjunction with your access token.
curl -X POST https://[your_account_name].offorte.com/oauth2/refresh-token \
--data "grant_type=refresh_token" \
--data "client_id=XXX" \
--data "client_secret=XXX" \
--data "refresh_token=XXX"