The Apiax APIs use JSON web tokens (JWT) to authenticate requests. You need to have a valid username and password to access the API and retrieve a JWT. Contact the Apiax support team to get your account.
Getting the Access Token
The following table describes the procedure to retrieve and use a JWT.
Method
POST
Endpoint
https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/token
This endpoint creates tokens valid for the production environment.
Header
Content-Type: application/x-www-form-urlencoded
Request URL-Encoded Form Parameters
client_id: integration-api
grant_type: password
username: _YOUR_USER_NAME_
password: _YOUR_USER_PASSWORD_
The payload data are form parameters. Select the appropriate content-type for the request body to pass this data.
Response
{
"access_token": "ACCESS_TOKEN",
"expires_in": JAVA_TIMESTAMP,
"refresh_expires_in": 0,
"refresh_token": "REFRESH_TOKEN",
"token_type": "bearer",
"not-before-policy": JAVA_TIMESTAMP,
"session_state": "UUID",
"scope": "TOKEN_VALIDITY_SCOPES"
}
The response contains the access token at the JSON path $.access_token. For security reasons, never share the access token or the refresh token found at the JSON path $.refresh_token.
You can use the access token as a bearer authentication header for subsequent API calls.
Authentication: Bearer ACCESS_TOKEN
The default expiration time for expires_in is 1800 seconds.
Retrieving a new Access Token with the Refresh Token
The authentication response includes the Refresh Token alongside the Access Token (see Response structure above). This refresh token can be used to retrieve a new valid access token without sending the username and password again. The refresh token can be used for 14 days, starting from the retrieval of your Access Token with credentials.
Method
POST
Endpoint
https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/token
This endpoint creates tokens valid for the production environment.
Header
Content-Type: application/x-www-form-urlencoded
Request URL-Encoded Form Parameters
grant_type: refresh_token
client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_id: integration-api
refresh_token: <the-refresh-token>
The payload data are form parameters. Select the appropriate content-type for the request body to pass this data.
Response
{
"access_token": "NEW_ACCESS_TOKEN",
"expires_at": JAVA_TIMESTAMP,
"refresh_expires_in": 0,
"refresh_token": "NEW_REFRESH_TOKEN",
"token_type": "bearer",
"not-before-policy": JAVA_TIMESTAMP,
"session_state": "UUID",
"scope": "TOKEN_VALIDITY_SCOPES"
}
The response contains the new access token at the JSON path $.access_token. For security reasons, never share the access token or the refresh token found at the JSON path $.refresh_token.
You can use the access token as a bearer authentication header for subsequent API calls and the refresh token to get a new valid access token. Please note that the property $.refresh_expires_in returns the number of seconds for which you can still refresh your access token with the refresh token. Once it has expired, you need to get a new access token with the request containing the credentials.
Authentication: Bearer ACCESS_TOKEN
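The two requests above combined into one small client, as an added example that is not Apiax code: it caches the access token, renews it with the refresh token shortly before expiry, and only sends the credentials again when the refresh is rejected. The names TokenCache, http_post_form and skew are hypothetical, and expires_in is assumed to be in seconds.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/token"
CLIENT_ID = "integration-api"

def http_post_form(url, form):
    """POST url-encoded form parameters and return the parsed JSON response."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: holds tokens in memory only and never logs them."""
    def __init__(self, username, password, post=http_post_form, clock=time.monotonic, skew=60):
        self._creds, self._post, self._clock, self._skew = (username, password), post, clock, skew
        self._access = self._refresh = None
        self._expires = 0.0

    def _store(self, resp):
        self._access = resp["access_token"]
        self._refresh = resp.get("refresh_token")
        # Assumption: expires_in is in seconds; fall back to the documented default of 1800.
        self._expires = self._clock() + float(resp.get("expires_in", 1800))

    def token(self):
        """Return a valid access token, renewing `skew` seconds before it expires."""
        if self._access and self._clock() < self._expires - self._skew:
            return self._access
        if self._refresh:
            try:
                self._store(self._post(TOKEN_URL, {
                    "grant_type": "refresh_token",
                    "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                    "client_id": CLIENT_ID, "refresh_token": self._refresh}))
                return self._access
            except (OSError, KeyError):
                self._refresh = None  # refresh rejected or expired: use credentials again
        self._store(self._post(TOKEN_URL, {
            "client_id": CLIENT_ID, "grant_type": "password",
            "username": self._creds[0], "password": self._creds[1]}))
        return self._access
```

Load the username and password from a secret store or the environment rather than from source code, and pass the returned token only in the bearer header of requests to the API.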