🇲🇾 MY AutoGrab API Doc
2024 © AutoGrab Pty Ltd. ABN 79 638 468 569

OAuth Authentication

OAuth will only work for agreed AutoGrab api_v2 REST endpoints where an ApiKey has already been provisioned.

OAuth integration consists of 2 basic components:

  1. Token management (ensure your system always has a valid OAuth token available)

  2. REST api call signing using a valid token

Token management

Before implementing token management, make sure you have a valid client_id and client_secret as provided by AutoGrab. (They will be provided by your sales rep.) These are the credentials you will use to get valid tokens from the AutoGrab auth-broker.

auth-broker POST call to receive a valid OAuth token

POST !!!!!!!!/request-token

Post body
{ grant_type: client_credentials }

Headers
Content-Type: application/x-www-form-urlencoded
Authorization: Basic Auth of the form client_id:client_secret, Base64 encoded

Sample success response body
{
    "access_token": "[obfuscated-token-string]",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}

A valid token can be stored locally for use in subsequent api calls. It is recommended to calculate a safe expiry timestamp based on the expires_in property of the response body, and use this to pre-emptively refresh your token when it nears expiry.

REST api call signing

With a valid AutoGrab OAuth token in hand, each REST API call that you make can be authorised by placing the token string, exactly as provided, in your Authorization header with the Bearer prefix.
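The token management and call signing steps above, combined in one client-side sketch. This is an added example, not AutoGrab's own code: the TokenManager class, the 60-second safety margin and the injectable post and clock parameters are assumptions, and token_url must be the auth-broker request-token URL supplied by AutoGrab.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def basic_auth_header(client_id, client_secret):
    """Authorization value: 'Basic ' + Base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_post(url, headers, body):
    """Default transport: POST the form body and parse the JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Caches one token and refreshes it before it expires (hypothetical helper)."""

    def __init__(self, token_url, client_id, client_secret,
                 margin=60, post=http_post, clock=time.monotonic):
        self._url = token_url          # placeholder: request-token URL from AutoGrab
        self._auth = basic_auth_header(client_id, client_secret)
        self._margin = margin          # assumed safety margin, in seconds
        self._post, self._clock = post, clock
        self._token, self._refresh_at = None, 0.0

    def _fetch(self):
        headers = {"Content-Type": "application/x-www-form-urlencoded",
                   "Authorization": self._auth}
        body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
        requested = self._clock()      # count the lifetime from before the round trip
        reply = self._post(self._url, headers, body)
        if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
            raise RuntimeError("unexpected token response")  # do not log the reply body
        lifetime = max(int(reply["expires_in"]) - self._margin, 0)
        self._token, self._refresh_at = reply["access_token"], requested + lifetime

    def auth_headers(self):
        """Headers for a REST call, refreshing the token first when it nears expiry."""
        if self._token is None or self._clock() >= self._refresh_at:
            self._fetch()
        return {"Authorization": "Bearer " + self._token}
```

Keep client_secret and the cached token out of logs and source control; the manager holds both in memory only.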

Troubleshooting

  • I don’t get a 200 response on my request-token calls: Double-check your client_id and client_secret with AutoGrab. Double-check your Basic Auth encoding. Double-check your Content-Type header and post body structure.
