Authentication

Authentication with OAuth2 Authorization Framework.

RFC 6749 - The OAuth 2.0 Authorization Framework

OAuth 2.0 is an authorization framework enabling applications to access user data without the user having to share their password. It works by having the user authorize the application to access their data on a third-party server, such as Google or Facebook. The application is then given an access token that it can use to access the user's data.

Authentication

To interact with the One Record API, clients, typically applications rather than individual users, need to authenticate first.

Authenticate an Application

For authenticating an application, it must send a POST request to the route

/authentication/oauth2/token

The request body must be encoded in x-www-form-urlencoded format and include the following parameters:

client_id: Identifies the client application.
client_secret: Secret key associated with the client application.
grant_type: Must be set to client_credentials to indicate the type of grant being requested. This information is securely sent over HTTPS.

Example

post

Authorizations

Body

Access Token

grant_typestring · enumRequiredPossible values:

client_idstringRequired

client_secretstringRequired

Responses

200Success

application/json

400

Bad Request

application/json

401

Unauthorized

application/json

422

Unprocessable Entity

application/json

post

POST /authentication/oauth2/token HTTP/1.1
Host: api.one-record.fr
Authorization: Bearer JWT
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 77

"grant_type='client_credentials'&client_id='text'&client_secret='text'"

{
  "access_token": "text",
  "refresh_token": "text",
  "expires_in": 1800,
  "refresh_expires_in": 604800,
  "token_type": "Bearer",
  "scope": "text"
}

PreviousTroubleshooting NextAuthorization

Last updated 9 months ago