This article covers the basic authorization of a client application that uses a backend built with DotKernel API.
Authorization Request
Client application users send a POST request to the backend containing the following JSON object:
{
    "grant_type": "password",
    "client_id": "{API_CLIENT}",
    "client_secret": "{API_CLIENT_SECRET}",
    "scope": "{SCOPE}",
    "username": "{USERNAME/EMAIL}",
    "password": "{PASSWORD}"
}
Authorization Response
If the credentials are correct, the API will return a JSON object containing the authentication data:
{
    "token_type": "Bearer",
    "expires_in": 86400,
    "access_token": "...",
    "refresh_token": "..."
}
When sending API requests to an endpoint that requires authorization, an Authorization header must be present containing the following data: "Bearer {access_token}", where {access_token} is the value of the key with the same name in the above response.
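The following Python example is added here and is not DotKernel API code. It builds the request body shown above, validates the response fields, and produces the Authorization header while refusing to send an expired token. The names build_token_request and TokenSet, the 30-second skew and the sample token values are assumptions.

```python
import json
import time

# Constructed sample response in the shape shown in the article (token values are made up).
SAMPLE_RESPONSE = ('{"token_type": "Bearer", "expires_in": 86400, '
                   '"access_token": "constructed-access", "refresh_token": "constructed-refresh"}')

def build_token_request(client_id, client_secret, scope, username, password):
    """Return the JSON body for the password-grant request described above."""
    return json.dumps({"grant_type": "password", "client_id": client_id,
                       "client_secret": client_secret, "scope": scope,
                       "username": username, "password": password})

class TokenSet:
    """Holds the parsed authorization response and tracks its expiry."""
    def __init__(self, response_body, issued_at=None, skew=30):
        data = json.loads(response_body)
        # Reject anything that is not the documented Bearer response shape.
        if str(data.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        for key in ("access_token", "refresh_token"):
            if not isinstance(data.get(key), str) or not data[key]:
                raise ValueError("missing " + key)
        expires_in = data.get("expires_in")
        if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
            raise ValueError("invalid expires_in")
        issued = time.time() if issued_at is None else issued_at
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        # Treat the token as expired slightly early to absorb clock skew (assumed 30 s).
        self.expires_at = issued + expires_in - skew

    def is_expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def auth_header(self, now=None):
        """Return the Authorization header, refusing to send a stale token."""
        if self.is_expired(now):
            raise RuntimeError("access token expired; request a new one")
        return {"Authorization": "Bearer " + self.access_token}

    def __repr__(self):
        # Keep token values out of logs and tracebacks.
        return "TokenSet(access_token=<redacted>, expires_at=%d)" % self.expires_at
```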