Authentication

Introduction

OAuth 2 is an authorization framework that enables applications to connect to APIs using tokens and access grants. GiftDeals uses Client Credentials as an authentication scheme. This allows our partners direct access to the resources without a delegation step.

🚧

Client Credentials are meant to be used on secure backends

Please only use this API on a trusted machine that you control. This is not meant for mobile or untrusted machines as the client credentials can be used to obtain the access token.

For a more in-depth overview of OAuth2 please read the following article.

Access Tokens

To use the API, your app must send an OAuth2 access token in an Authorization header with each request. The header carries the bearer token that authorizes access to the account and its resources.

GET /Status HTTP/1.1
Host: api.app.tot.us
Authorization: Bearer bWFnZ2llOnN1bW1lcnM

Access Flow

To obtain an access token, first call the authorization API with your client_id and client_secret:

curl -X POST \
 https://auth.api.tot.us/oauth2/token \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 -H 'cache-control: no-cache' \
 -d 'grant_type=client_credentials&client_id=CLIENT_ID_REPLACE_ME&client_secret=CLIENT_SECRET_REPLACE_ME' \
 --data-urlencode 'scope=order-svc/orders order-svc/products order-svc/status order-svc/webhook'
HTTP/1.1 200 OK
Content-Type: application/json

{
   "access_token": "eyJraWQiOiJDV1ZMQnVxK2oyNjJmZmI2WjFmcktaQ2MxQUN2SVR0M0FhTmlzYWlMamNFPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI1M2IwczNhdWtzN2c5YWFtZGcxNms2dGc3ZyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXBpLmNhcmRwb29sLmNvbVwvZXhjaGFuZ2VcL3NhbmRib3hcL2Z1bGwtYWNjZXNzIiwiYXV0aF90aW1lIjoxNTcwMTM0MDI5LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9acjRMY3ZBYVIiLCJleHAiOjE1NzAxMzc2MjksImlhdCI6MTU3MDEzNDAyOSwidmVyc2lvbiI6MiwianRpIjoiZGM4NmJkOGQtZGY5Ni00ZjFiLWExZGYtYTM2NmY0NGEwMTQxIiwiY2xpZW50X2lkIjoiNTNiMHMzYXVrczdnOWFhbWRnMTZrNnRnN2cifQ.HIkP5ye3Z_7VLYf7U2i9-hOMXkpgBQlv19qeGUXXSwCnWhLdz0xbJnA4Q4t9uTokciiJ-Lf4sE_7Na3TX0VYKMTXhdyiHlC1RZBLRn509vmb24v0BCQbp1FTuAGYH2g7MFU-TMURp5p7nlMA2UoItTkPROgN2xeeUzUBZ1LVKqFqiG4ODgFessCap1wh6K_VRfKfEroYDyf5pG55ccP2FG4X9JsmAxXmbELrFsHC18DgMcbU2oBV09b4gEicIXKTqgBqsD5uvd7-Eijc4uwCrP3MLVlMCCJVwFfXmTTDK99LZDoNi5TZ3GKSdC7BBembtSCeZjROWrsTeMkxXUBIdg",
   "expires_in": 3600,
   "token_type": "Bearer"
}
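The two steps above (fetch a token with the client credentials, then send it as a Bearer header) are shown below as a small backend helper. This is an added example, not GiftDeals' own client library: it uses the token and API hosts and the scope names from this page, reads the client_id and client_secret from environment variables whose names (GIFTDEALS_CLIENT_ID, GIFTDEALS_CLIENT_SECRET) are an assumption, caches the token until shortly before `expires_in` runs out, and ships with a constructed fake transport so it can be run offline.

```python
"""Client-credentials helper: obtain a bearer token, cache it until shortly
before expiry, and attach it to API calls. Example code, not GiftDeals' SDK."""
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.api.tot.us/oauth2/token"   # from the page
API_BASE = "https://api.app.tot.us"                  # from the page
SCOPES = ["order-svc/orders", "order-svc/products",
          "order-svc/status", "order-svc/webhook"]    # from the page
REFRESH_MARGIN = 60  # seconds before expiry at which a fresh token is fetched


def urllib_transport(url, method, headers, body):
    """Real HTTP transport on the standard library; returns (status, raw body)."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


class TokenClient:
    """Holds the client credentials on a trusted backend and hands out tokens."""

    def __init__(self, client_id, client_secret,
                 transport=urllib_transport, clock=time.time):
        self._client_id = client_id
        self._client_secret = client_secret
        self._transport = transport   # injectable so the logic is testable offline
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def _fetch_token(self):
        # The form body is URL-encoded, so the space-separated scope list is safe.
        form = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "scope": " ".join(SCOPES),
        }).encode()
        status, raw = self._transport(
            TOKEN_URL, "POST",
            {"Content-Type": "application/x-www-form-urlencoded"}, form)
        if status != 200:
            # Do not log the request body here: it contains the client secret.
            raise RuntimeError(f"token endpoint returned HTTP {status}")
        data = json.loads(raw)
        if data.get("token_type", "").lower() != "bearer":
            raise RuntimeError("unexpected token_type in token response")
        self._token = data["access_token"]
        self._expires_at = self._clock() + int(data["expires_in"])

    def access_token(self):
        """Return a cached token, refreshing when inside the expiry margin."""
        if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN:
            self._fetch_token()
        return self._token

    def get(self, path):
        """GET an API path with the Authorization: Bearer header attached."""
        headers = {"Authorization": f"Bearer {self.access_token()}"}
        return self._transport(API_BASE + path, "GET", headers, None)


def client_from_env():
    """Credentials come from the environment, never from source code.
    The variable names are an assumption of this example."""
    return TokenClient(os.environ["GIFTDEALS_CLIENT_ID"],
                       os.environ["GIFTDEALS_CLIENT_SECRET"])


class FakeTransport:
    """Constructed stand-in for the network: counts token requests and
    returns canned responses shaped like the ones on this page."""

    def __init__(self):
        self.token_posts = 0
        self.last_api_headers = None

    def __call__(self, url, method, headers, body):
        if url == TOKEN_URL and method == "POST":
            self.token_posts += 1
            params = urllib.parse.parse_qs(body.decode())
            assert params["grant_type"] == ["client_credentials"]
            reply = {"access_token": f"tok{self.token_posts}",
                     "expires_in": 3600, "token_type": "Bearer"}
            return 200, json.dumps(reply).encode()
        self.last_api_headers = headers
        return 200, b'{"status":"ok"}'


def demo():
    """Exercise caching and refresh against the fake transport and fake clock."""
    now = [1_000_000.0]
    transport = FakeTransport()
    client = TokenClient("id", "secret", transport=transport, clock=lambda: now[0])
    first = client.access_token()
    second = client.access_token()           # served from cache, no new POST
    now[0] += 3600 - REFRESH_MARGIN          # now inside the refresh margin
    third = client.access_token()            # triggers a second token request
    status, _ = client.get("/Status")
    return (first, second, third, transport.token_posts,
            transport.last_api_headers["Authorization"], status)


if __name__ == "__main__":
    print(demo())
```

Swapping `FakeTransport` for the default `urllib_transport` (via `client_from_env()`) turns this into a working client; the refresh margin avoids sending a token that expires in flight, and the non-200 branch deliberately reports only the status so the client secret never reaches a log line.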

Production

Please see the section Production Key Access for more details on production access.