# Authentication

## Step 1: Authorization Link

This API is used for the authorization (login) process. Unlike a browser-based authorization code flow, the client submits the user's username and password directly in this request, together with its own client\_id and client\_secret, so it must be a confidential (server-side) client that can keep that secret. The returned code is exchanged for an access token in Step 2.

{% tabs %}
{% tab title="Request" %}

| Canonical Path | /rest/h2h/authorization/ |
| -------------- | ------------------------ |
| Method         | POST                     |
| Query Param    | -                        |
| Content-Type   | application/json         |
| Content        |                          |

{% code overflow="wrap" %}

```json
{
    "client_id": <String, not null>,
    "client_secret": <String, not null>,
    "response_type": "code",
    "user_type": <String, not null>,
    "username": <String, not null>,
    "password": <String, not null>
}
```

{% endcode %}

{% endtab %}

{% tab title="Response" %}

| Content-Type | application/json |
| ------------ | ---------------- |
| Content      |                  |

{% code overflow="wrap" %}

```json
{
    "status": <String, not null>,
    "code": <String, not null>
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

## Description

| Field          | Description                                                                        |
| -------------- | ---------------------------------------------------------------------------------- |
| client\_id     | Public identifier of the client                                                    |
| client\_secret | Client Secret Key                                                                  |
| response\_type | The value "code" specifies that the application is requesting the authorization code grant |
| user\_type     | User type: CUSTOMER or MERCHANT                                                    |
| username       | Login username (the user's phone number)                                           |
| password       | Login password/PIN, sent as the upper-case hexadecimal MD5 digest of the plaintext. MD5 is not a password-hashing function and this digest is password-equivalent (whoever holds it can log in), so handle it exactly like the plaintext: send it only over TLS and never write it to logs |
| status         | Result status of the authorization request                                         |
| code           | Authorization code returned on success; it is exchanged for an access token in Step 2 |

## Step 2: Request Access Token

Using the authorization code from Step 1, the client application requests the access token that is then used to call the API.

{% tabs %}
{% tab title="Request" %}

| Canonical Path | /rest/oauth/token                 |
| -------------- | --------------------------------- |
| Method         | POST                              |
| Query Param    | -                                 |
| Content-Type   | application/x-www-form-urlencoded |
| Content        | <p>▪ client\_id=\<String></p><p>▪ client\_secret=\<String></p><p>▪ grant\_type=authorization\_code</p><p>▪ code=\<String></p><p>▪ redirect\_uri=\<String></p> |

{% endtab %}

{% tab title="Response" %}

| Content-Type | application/json |
| ------------ | ---------------- |
| Content      |                  |

{% code overflow="wrap" %}

```json
{
    "access_token": <String>, 
    "token_type": <String>, 
    "expires_in": <String>, 
    "refresh_token": <String>,
    "scope": <String>
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

## Description

| Field          | Description                                                                                       |
| -------------- | ------------------------------------------------------------------------------------------------- |
| client\_id     | Public identifier of the client                                                                   |
| client\_secret | Secret key of the client                                                                          |
| grant\_type    | Type of grant: authorization\_code                                                                |
| code           | Authorization code                                                                                |
| redirect\_uri  | Redirection endpoint to which the service redirects the user agent after an authorization code is granted |
| access\_token  | User access token as requested                                                                    |
| token\_type    | The type of token: Bearer                                                                         |
| expires\_in    | The lifetime in seconds of the access token                                                       |
| refresh\_token | Token that can be used to obtain a new access token under the same authorization grant (see Step 4)    |
| scope          | The scope of the access token                                                                     |

## Step 3: Client Host Authorization

This API authorizes the client's host to access the client's own resources. It follows the OAuth client credentials grant: the host exchanges its client\_id and client\_secret for an access token, which it then presents when calling the respective resource API.

{% tabs %}
{% tab title="Request" %}

| Canonical Path | /rest/oauth/token                 |
| -------------- | --------------------------------- |
| Method         | POST                              |
| Query Param    | -                                 |
| Content-Type   | application/x-www-form-urlencoded |
| Content        | <p>▪ client\_id=\<String></p><p>▪ client\_secret=\<String></p><p>▪ grant\_type=client\_credentials</p> |

{% endtab %}

{% tab title="Response" %}

| Content-Type | application/json |
| ------------ | ---------------- |
| Content      |                  |

{% code overflow="wrap" %}

```json
{
    "access_token": <String>, 
    "token_type": <String>, 
    "expires_in": <String>, 
    "refresh_token": <String>, 
    "scope": <String>
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

## Description

| Field          | Description                                                                                          |
| -------------- | ---------------------------------------------------------------------------------------------------- |
| client\_id     | Public identifier of the client                                                                      |
| client\_secret | Secret key of the client                                                                             |
| grant\_type    | Type of grant: client\_credentials                                                                   |
| access\_token  | Host access token as requested                                                                       |
| token\_type    | The type of token: Bearer                                                                            |
| expires\_in    | The lifetime in seconds of the access token                                                          |
| refresh\_token | Token that can be used to obtain a new access token under the same authorization grant. It never expires, so it is a long-lived credential: store it with the same care as client\_secret |
| scope          | The scope of the access token                                                                        |

## Step 4: Refresh Token

This API refreshes the access\_token, either before or after it expires, as long as the refresh\_token is still valid.

{% tabs %}
{% tab title="Request" %}

| Canonical Path | /rest/oauth/token                 |
| -------------- | --------------------------------- |
| Method         | POST                              |
| Query Param    | -                                 |
| Content-Type   | application/x-www-form-urlencoded |
| Content        | <p>▪ client\_id=\<String></p><p>▪ client\_secret=\<String></p><p>▪ grant\_type=refresh\_token</p><p>▪ refresh\_token=\<refresh\_token></p><p>▪ redirect\_uri=\<String></p> |

{% endtab %}

{% tab title="Response" %}

| Content-Type | application/json |
| ------------ | ---------------- |
| Content      |                  |

{% code overflow="wrap" %}

```json
{
    "access_token": <String>, 
    "token_type": <String>, 
    "expires_in": <String>, 
    "scope": <String>
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

## Description

| Field          | Description                                                                                          |
| -------------- | ---------------------------------------------------------------------------------------------------- |
| client\_id     | Public identifier of the client                                                                      |
| client\_secret | Secret key of the client                                                                             |
| grant\_type    | Type of grant: refresh\_token                                                                        |
| access\_token  | The new access token, for the same grant (user or host) the refresh\_token was issued under          |
| token\_type    | The type of token: Bearer                                                                            |
| expires\_in    | The lifetime in seconds of the new access token                                                      |
| refresh\_token | Request parameter: the refresh\_token obtained in Step 2 or Step 3. It never expires and the response carries no replacement, so the client keeps reusing the same value |
| scope          | The scope of the access token                                                                        |
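The whole flow, Steps 1 to 4, as an added Python client. This is example code written for this page, not the vendor's SDK. It assumes an HTTPS base URL and a redirect URI; `fake_server`, the client credentials and every code and token value used in `demo()` are constructed so that it runs offline. Only the paths, fields, content types and grant types come from the tables above.

```python
import hashlib
import json
import time
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen


def md5_upper(password: str) -> str:
    """Step 1 format: upper-case hex MD5. Password-equivalent: TLS only, never log."""
    return hashlib.md5(password.encode("utf-8")).hexdigest().upper()


def http_send(url, headers, body):  # real transport (an HTTPS base URL is assumed)
    req = Request(url, data=body, headers=headers, method="POST")
    with urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class H2HClient:
    def __init__(self, base_url, client_id, client_secret, send=http_send):
        self.base_url = base_url.rstrip("/")
        self.client_id, self.client_secret = client_id, client_secret
        self._send = send                  # transport; injectable for offline tests
        self.access_token, self.refresh_token, self.expires_at = None, None, 0.0

    def _token_request(self, grant_type, **extra):
        # Steps 2-4 all POST a form to /rest/oauth/token; cache what comes back.
        fields = {"client_id": self.client_id, "client_secret": self.client_secret,
                  "grant_type": grant_type, **extra}
        tok = self._send(self.base_url + "/rest/oauth/token",
                         {"Content-Type": "application/x-www-form-urlencoded"},
                         urlencode(fields).encode("utf-8"))
        self.access_token = tok["access_token"]
        # A Step 4 reply carries no refresh_token: the existing one stays valid.
        self.refresh_token = tok.get("refresh_token", self.refresh_token)
        self.expires_at = time.time() + int(tok["expires_in"])
        return tok

    def authorize(self, user_type, username, password):
        """Step 1: user credentials (plus client_id/secret) -> authorization code."""
        payload = {"client_id": self.client_id, "client_secret": self.client_secret,
                   "response_type": "code", "user_type": user_type,
                   "username": username, "password": md5_upper(password)}
        resp = self._send(self.base_url + "/rest/h2h/authorization/",
                          {"Content-Type": "application/json"},
                          json.dumps(payload).encode("utf-8"))
        if "code" not in resp:
            raise RuntimeError("authorization failed: %s" % resp.get("status"))
        return resp["code"]

    def exchange_code(self, code, redirect_uri):      # Step 2: user token
        return self._token_request("authorization_code", code=code,
                                   redirect_uri=redirect_uri)

    def client_credentials(self):                     # Step 3: host token
        return self._token_request("client_credentials")

    def refresh(self, redirect_uri):                  # Step 4
        assert self.refresh_token, "run Step 2 or Step 3 first"
        return self._token_request("refresh_token", refresh_token=self.refresh_token,
                                   redirect_uri=redirect_uri)

    def bearer_header(self, redirect_uri, skew=30):  # refresh shortly before expiry
        if time.time() + skew >= self.expires_at:
            self.refresh(redirect_uri)
        return {"Authorization": "Bearer " + self.access_token}


def fake_server(url, headers, body):
    """Constructed stand-in for both endpoints; it validates request shape only."""
    if url.endswith("/rest/h2h/authorization/"):
        req = json.loads(body)
        assert headers["Content-Type"] == "application/json"
        assert req["response_type"] == "code" and len(req["password"]) == 32
        return {"status": "OK", "code": "AUTHCODE-1"}
    assert headers["Content-Type"] == "application/x-www-form-urlencoded"
    form = {k: v[0] for k, v in parse_qs(body.decode("utf-8")).items()}
    grant = form["grant_type"]
    ok = {"authorization_code": form.get("code") == "AUTHCODE-1",
          "refresh_token": form.get("refresh_token") in ("RT-user", "RT-host")}
    assert ok.get(grant, grant == "client_credentials"), "bad %s request" % grant
    tok = {"access_token": "AT-" + grant, "token_type": "Bearer",
           "expires_in": "3600", "scope": "default"}
    if grant != "refresh_token":           # only Steps 2 and 3 issue a refresh token
        tok["refresh_token"] = "RT-user" if grant == "authorization_code" else "RT-host"
    return tok


def demo(base="https://api.example.test", cb="https://client.example.test/cb"):
    # Run Steps 1-4 against fake_server and return what each step produced.
    user = H2HClient(base, "cid", "csecret", send=fake_server)
    code = user.authorize("CUSTOMER", "6281234567890", "1234")
    user_tok = user.exchange_code(code, cb)
    user.expires_at = 0.0                  # simulate expiry to force a Step 4 refresh
    header = user.bearer_header(cb)
    host = H2HClient(base, "cid", "csecret", send=fake_server)
    return {"code": code, "user": user_tok, "header": header,
            "refresh_kept": user.refresh_token, "host": host.client_credentials()}
```

Two points the tables imply but do not spell out are built into the client: the MD5 digest submitted in Step 1 is all that is needed to log in as that user, so it gets the same handling as the plaintext; and because a Step 4 response carries no new refresh\_token, the client keeps the one from Step 2 or 3, which is why `_token_request` only overwrites it when a reply contains one. Leave `send` at its default `http_send` to talk to a real deployment.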
