
OAuth 2.0 - Client Credentials

The service-provider may create an authorization web-service, which supports the OAuth 2.0 (D. Hardt, Ed., 2012) Client Credentials grant type. BOG will use an HTTP POST request method for communication with the authorization endpoint.

Header Parameters

Content-Type (required): application/x-www-form-urlencoded

Body Parameters

grant_type (required): client_credentials

The value is a static text: client_credentials

client_id (required): <client_id>

client_secret (required): <client_secret>

curl --location --request POST 'http://localhost:8080/ess-api/authenticate' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=client_id' \
--data-urlencode 'client_secret=client_secret'

Response

The service-provider must return the following JSON response:

access_token (string)

The token issued by the authorization server.

created_at (string)

UNIX timestamp: the number of milliseconds that have elapsed since January 1st, 1970 UTC.

expires_in (number)

The number of seconds for which the token remains valid.

token_type (number)

Token type (a static value: Bearer).

{
  "access_token": "xx82194x21412xxx219124x678x888x2xxx1900xx",
  "created_at": 1693236686855,
  "expires_in": 300,
  "token_type": "Bearer"
}

For all subsequent calls to the API, while the token is valid, BOG will send an HTTP header of the form:

Authorization (required): Bearer <token>

"Bearer " + "<token>" (e.g. "Bearer xx82194x21412xxx219124x678x888x2xxx1900xx"), where <token> is the access_token value returned by the service-provider's authorization endpoint.
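The flow described above as an added Python example; this is not code from the page or from BOG's implementation. It assumes the endpoint URL from the curl example and a 30-second refresh margin that the page does not specify, and it refuses any response whose token_type is not Bearer.

```python
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

TOKEN_URL = "http://localhost:8080/ess-api/authenticate"  # from the page's curl example
CLOCK_SKEW_S = 30  # assumed margin: stop using a token this long before it expires


@dataclass(frozen=True)
class Token:
    value: str
    created_at_ms: int  # UNIX timestamp in milliseconds, as the page specifies
    expires_in_s: int   # lifetime in seconds


def token_request_body(client_id: str, client_secret: str) -> bytes:
    """Form-encoded body for the Client Credentials grant (grant_type is static)."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()


def parse_token_response(body: dict) -> Token:
    """Validate the service-provider's JSON; reject anything that is not a Bearer token."""
    if body.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type: %r" % body.get("token_type"))
    token = body.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("access_token missing or empty")
    return Token(token, int(body["created_at"]), int(body["expires_in"]))


def is_usable(token: Token, now_ms: int) -> bool:
    """True while created_at + expires_in is still ahead of now, minus the skew margin."""
    expiry_ms = token.created_at_ms + token.expires_in_s * 1000
    return now_ms < expiry_ms - CLOCK_SKEW_S * 1000


def authorization_header(token: Token) -> dict:
    """Header BOG attaches to every subsequent API call."""
    return {"Authorization": "Bearer " + token.value}


def fetch_token(client_id: str, client_secret: str, url: str = TOKEN_URL) -> Token:
    """POST the grant to the authorization endpoint and parse the JSON reply."""
    req = urllib.request.Request(url, data=token_request_body(client_id, client_secret),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(json.load(resp))
```

Call fetch_token only when is_usable returns False for the cached token, so each client_secret round trip is made once per token lifetime rather than per API call.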