# OAuth Authentication

OAuth will only work for agreed AutoGrab api\_v2 REST endpoints where an ApiKey has already been provisioned.

OAuth integration consists of 2 basic components:

1. Token management (ensure your system always has a valid OAuth token available)
2. REST API call signing using a valid token

#### Token management <a href="#token-management" id="token-management"></a>

Before implementing token management, make sure you have a valid `client_id` and `client_secret` as provided by AutoGrab. (They will be provided by your sales rep.) These are the credentials you will use to get valid tokens from the AutoGrab `auth-broker`.

**auth-broker POST call to receive a valid OAuth token**

Copy

```json
POST !!!!!!!!/request-token

Post body
{ grant_type: client_credentials }
Headers 
Content-Type: application/x-www-form-urlencoded
Authorization
Basic Auth of form client_id:client_secret Base64 encoded

Sample success response body
{
    "access_token": "[obfuscated-token-string]",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}
```

A valid token can be stored locally for use in subsequent api calls. It is recommended to calculate a safe expiry timestamp based on the expires\_in property of the response body, and use this to pre-emptively refresh your token when it nears expiry.

#### REST api call signing <a href="#rest-api-call-signing" id="rest-api-call-signing"></a>

With a valid AutoGrab OAuth token to hand, each REST api call that you make can be authorised by encoding the as-provided token string into your Authorization header using Bearer prefix.

**Troubleshooting**

* *I don’t get a 200 response on my request-token calls* Double-check your client\_id and client\_secret with AutoGrab. Double-check your Basic Auth encoding. Double check your content-type header and post body structure.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://devhub.autograb.com/uk-autograb-api-doc/authentication/oauth-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.