# OAuth Authentication

If you prefer, you can integrate with our APIs using the OAuth client credentials grant.

OAuth integration consists of 2 basic components:

1. Token management (ensure your system always has a valid OAuth token available)
2. REST API call signing using a valid token

### Token management <a href="#token-management" id="token-management"></a>

Before implementing token management, make sure you have a valid `client_id` and `client_secret` as provided by us (your sales rep will provide them). These are the credentials you will use to get valid tokens from the `auth-broker`.

#### auth-broker POST call to receive a valid OAuth token <a href="#auth-broker-post-call-to-receive-a-valid-oauth-token" id="auth-broker-post-call-to-receive-a-valid-oauth-token"></a>

```text
POST https://api.autograb.com.au/auth-broker/request-token

Headers
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <Base64 encoding of client_id:client_secret>

Post body (form-encoded)
grant_type=client_credentials

Sample success response body
{
    "access_token": "[obfuscated-token-string]",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}
```

A valid token can be stored locally for use in subsequent API calls. It is recommended to calculate a safe expiry timestamp based on the `expires_in` property of the response body and use this to pre-emptively refresh your token when it nears expiry.

### REST API call signing <a href="#rest-api-call-signing" id="rest-api-call-signing"></a>

With a valid OAuth token, each REST API call that you make can be authorised by encoding the as-provided token string into your Authorization header using the Bearer prefix.
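The token management and call signing steps above, combined in one sketch. This is an added example, not AutoGrab code: the `TokenManager` class, the 60-second refresh margin, and the injectable `post` and `clock` parameters are assumptions made for illustration.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://api.autograb.com.au/auth-broker/request-token"  # from the page

def http_post(url, headers, body):
    """Default transport: HTTPS POST, returns the parsed JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:  # hypothetical helper, not an AutoGrab SDK class
    def __init__(self, client_id, client_secret, post=http_post,
                 clock=time.monotonic, margin=60):
        # Basic Auth: base64("client_id:client_secret"); load both from a
        # secret store or environment, never from source control.
        basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._headers = {"Authorization": f"Basic {basic}",
                         "Content-Type": "application/x-www-form-urlencoded"}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._refresh_at = None, 0.0

    def token(self):
        """Return a cached token, fetching a new one when it nears expiry."""
        if self._token is None or self._clock() >= self._refresh_at:
            body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
            reply = self._post(TOKEN_URL, self._headers, body)
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")  # do not log the reply
            lifetime = int(reply["expires_in"])
            # Refresh `margin` seconds early; for very short lifetimes fall
            # back to half the lifetime so the deadline is never in the past.
            self._refresh_at = self._clock() + max(lifetime - self._margin, lifetime // 2)
            self._token = reply["access_token"]
        return self._token

    def auth_headers(self):
        """Header for API calls: the token as provided, with the Bearer prefix."""
        return {"Authorization": f"Bearer {self.token()}"}

if __name__ == "__main__":
    # Constructed reply standing in for the auth-broker, so this runs offline.
    fake = lambda url, headers, body: {"access_token": "constructed-token",
                                       "expires_in": 3599, "scope": "", "token_type": "bearer"}
    print(TokenManager("demo-id", "demo-secret", post=fake).auth_headers())
```

Merge the result of `auth_headers()` into the headers of each REST API call; the token is refreshed transparently once the cached one is within the margin of its expiry.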

#### Troubleshooting <a href="#troubleshooting" id="troubleshooting"></a>

**Token management**

* *I don’t get a 200 response on my request-token calls.* Double-check your `client_id` and `client_secret` with AutoGrab. Double-check your Basic Auth encoding. Double-check your Content-Type header and post-body structure.
* *I have a valid token but my API calls are failing.* A 401 response means there may be a problem with your token, or with the way Bearer Auth is being encoded in the headers.
