Retrieving an API Access Token

The Apiax APIs use JSON web tokens (JWT) to authenticate requests. You need to have a valid username and password to access the API and retrieve a JWT. Contact the Apiax support team to get your account.

 

Getting the Access Token

The following table describes the procedure to retrieve and use a JWT.

Method

POST

Endpoint

https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/token 

This endpoint creates tokens valid for the production environment.

Header

Content-Type: application/x-www-form-urlencoded

Request URL-Encoded Form Parameters


   client_id: integration-api
   grant_type: password
   username: _YOUR_USER_NAME_
   password: _YOUR_USER_PASSWORD_

The payload data are form parameters. Select the appropriate content-type for the request body to pass this data.

Response


  {
   "access_token": "ACCESS_TOKEN",
   "expires_in": JAVA_TIMESTAMP,
   "refresh_expires_in": 0,
   "refresh_token": "REFRESH_TOKEN",
   "token_type": "bearer",
   "not-before-policy": JAVA_TIMESTAMP,
   "session_state": "UUID",
   "scope": "TOKEN_VALIDITY_SCOPES"
  }

The response contains the access token at the JSON path $.access_token. For security reasons, never share the access token or the refresh token found at the JSON path $.refresh_token.

You can use the access token as a bearer authentication header for subsequent API calls.

Authentication: Bearer ACCESS_TOKEN

The default expiration time for expires_in is 1800 seconds.

 

Retrieving a new Access Token with the Refresh Token

The authentication response includes a refresh token alongside the access token (see the response structure above). This refresh token can be used to retrieve a new valid access token without sending the username and password again. The refresh token can be used for 14 days, starting from the retrieval of your access token with credentials.

Method

POST

Endpoint

https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/token 

This endpoint creates tokens valid for the production environment.

Header

Content-Type: application/x-www-form-urlencoded

Request URL-Encoded Form Parameters


   grant_type: refresh_token
   client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
   client_id: integration-api
   refresh_token: <the-refresh-token>

The payload data are form parameters. Select the appropriate content-type for the request body to pass this data.

Response


    {
      "access_token": "NEW_ACCESS_TOKEN",
      "expires_at": JAVA_TIMESTAMP,
      "refresh_expires_in": 0,
      "refresh_token": "NEW_REFRESH_TOKEN",
      "token_type": "bearer",
      "not-before-policy": JAVA_TIMESTAMP,
      "session_state": "UUID",
      "scope": "TOKEN_VALIDITY_SCOPES"
    }

The response contains the new access token at the JSON path $.access_token. For security reasons, never share the access token or the refresh token found at the JSON path $.refresh_token.

You can use the access token as a bearer authentication header for subsequent API calls and the refresh token to get a new valid access token. Please note that the property $.refresh_expires_in gives the remaining seconds during which you can still refresh your access token with the refresh token. Once the refresh token has expired, you need to get a new access token with the request containing the credentials.

Authentication: Bearer ACCESS_TOKEN
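
The two requests above combined into one client-side token cache, as an added example that is not Apiax code: it reuses the access token until shortly before expiry, renews it with the refresh token so the password is not resent, and falls back to the credentials request only when the refresh is rejected. The names TokenCache, post_form and the 60-second skew are assumptions made for this sketch.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/token"
CLIENT_ID = "integration-api"

def post_form(url, fields):
    """POST fields as application/x-www-form-urlencoded; return the parsed JSON reply."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: keeps tokens in memory and renews them before expiry."""
    def __init__(self, username, password, post=post_form, clock=time.monotonic, skew=60):
        self._user, self._password = username, password
        self._post, self._clock, self._skew = post, clock, skew
        self._access, self._refresh, self._expires = None, None, 0.0

    def __repr__(self):  # keep credentials and tokens out of logs and tracebacks
        return "<TokenCache (secrets redacted)>"

    def _store(self, reply):
        self._access = reply["access_token"]
        self._refresh = reply.get("refresh_token")
        # Assumption: fall back to the documented 1800 s default when the reply
        # has no expires_in (the refresh response on the page shows expires_at).
        self._expires = self._clock() + reply.get("expires_in", 1800) - self._skew

    def access_token(self):
        if self._access and self._clock() < self._expires:
            return self._access  # still valid: no network call
        if self._refresh:
            try:  # refresh grant: the password is not sent again
                self._store(self._post(TOKEN_URL, {
                    "grant_type": "refresh_token",
                    "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                    "client_id": CLIENT_ID, "refresh_token": self._refresh}))
                return self._access
            except (OSError, KeyError, ValueError):
                self._refresh = None  # expired or rejected: use credentials below
        self._store(self._post(TOKEN_URL, {
            "client_id": CLIENT_ID, "grant_type": "password",
            "username": self._user, "password": self._password}))
        return self._access
```

Supply the username and password from a secret store or environment variables rather than hard-coding them in source.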

 
