LogoLogo
API StatusSupportPostmanContact Us
🇳🇿 NZ AutoGrab API Doc
🇳🇿 NZ AutoGrab API Doc
  • AutoGrab Basics
    • AutoGrab Developer Hub
    • Integration Overview
    • Open API Reference
    • API & System Status
    • API Test Cases
  • Authentication
    • Basic Key Based Authentication
    • OAuth Authentication
  • Vehicle Search
    • Vehicle Searching Basics
    • Plain-text Search
    • Registration Plate Search
    • VIN Search
    • Facet Search
      • Facet Integration Worked Example
    • Marketplace ID Lookup
    • Vehicle ID Search
    • Matching Confidence
  • Sourcing
    • Sourcing Basics
    • Market Overlay
      • Features
    • Market Statistics
  • Vehicle Data
    • Vehicle Data Basics
    • Vehicle History
    • Factory Build Data
  • Valuation
    • Valuation Basics
    • Valuation Predictions
      • Adjustments
      • Condition Array
      • Valuation Features
    • Residual Valuations
    • Registration & VIN Valuations
    • Valuation Features
    • Max Offer Configuration
    • AutoGauge
  • Embeddable Products
    • Embeddable Basics
    • AutoGauge
    • Valuation Widget
    • Market Insights Snapshot
  • Other Products & Resources
    • Pre-Accident Valuation API Suite
    • URL Linking Structure
    • Webhooks Integration
    • Customer Recapture
    • Brand Guidelines
    • API Reference Parameter
    • Stock Feeds
    • FAQ
Powered by GitBook
LogoLogo

Links

  • Terms of Use

2024 © AutoGrab Pty Ltd. ABN 79 638 468 569

On this page
  • Token management
  • REST API call signing

Was this helpful?

Export as PDF
  1. Authentication

OAuth Authentication

At the customer's preference, it is possible to integrate with our APIs via OAuth client credential token grant.

OAuth integration consists of 2 basic components:

  1. Token management (ensure your system always has a valid OAuth token available)

  2. REST API call signing using a valid token

Token management

Before implementing token management, make sure you have a valid client_id and client_secret as provided by us (Your sales rep will provide them). These are the credentials you will use to get valid tokens from the auth-broker.

auth-broker POST call to receive a valid OAuth token

POST https://api.autograb.com.au/auth-broker/request-token

Post body
{ grant_type: client_credentials }
Headers 
Content-Type: application/x-www-form-urlencoded
Authorization
Basic Auth of form client_id:client_secret Base64 encoded

Sample success response body
{
    "access_token": "[obfuscated-token-string]",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}

A valid token can be stored locally for use in subsequent API calls. It is recommended to calculate a safe expiry timestamp based on the expires_in property of the response body and use this to pre-emptively refresh your token when it nears expiry.

REST API call signing

With a valid OAuth token, each REST API call that you make can be authorised by encoding the as-provided token string into your Authorization header using the Bearer prefix.

Troubleshooting

Token management

  • I don’t get a 200 response on my request-token calls Double-check your client_id and client_secret with AutoGrab. Double-check your Basic Auth encoding. Double-check your content-type header and post-body structure.

  • I have a valid token but my API calls are failing 401 response -- there may be a problem with your token, or the way Bearer Auth is being encoded in the headers.

PreviousBasic Key Based AuthenticationNextVehicle Searching Basics

Last updated 11 months ago

Was this helpful?