OAuth Authentication

At the customer's preference, it is possible to integrate with our APIs via OAuth client credential token grant.

OAuth integration consists of 2 basic components:

1. Token management (ensure your system always has a valid OAuth token available)

2. REST API call signing using a valid token

Token management

Before implementing token management, make sure you have a valid client_id and client_secret as provided by us (your sales rep will provide them). These are the credentials you will use to get valid tokens from the auth-broker.

auth-broker POST call to receive a valid OAuth token

POST https://api.autograb.com.au/auth-broker/request-token

Post body
{ grant_type: client_credentials }
Headers 
Content-Type: application/x-www-form-urlencoded
Authorization
Basic Auth of form client_id:client_secret Base64 encoded

Sample success response body
{
    "access_token": "[obfuscated-token-string]",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}

A valid token can be stored locally for use in subsequent API calls. It is recommended to calculate a safe expiry timestamp based on the expires_in property of the response body and use this to pre-emptively refresh your token when it nears expiry.

REST API call signing

With a valid OAuth token, each REST API call that you make can be authorised by encoding the as-provided token string into your Authorisation header using the Bearer prefix.

Troubleshooting

Token management

• I don’t get a 200 response on my request-token calls Double-check your client_id and client_secret with AutoGrab. Double-check your Basic Auth encoding. Double check your content-type header and post body structure.

• I have a valid token but my API calls are failing 401 response -- there may be a problem with your token, or the way Bearer Auth is being encoded in the headers.