Authentication
The LipaLater API uses the Client Credentials Flow (defined in OAuth 2.0, RFC 6749, section 4.4) for authentication and authorization. The client application is expected to pass along a Client Key and Client Secret in order to authenticate and receive an access token. To retrieve your Client Key and Client Secret, please send a request to devops@lipalater.com and they will be generated for you.
How it works
- The client app authenticates with our Authorization Server (/open/op/platform/token/) using its ClientID and Client Secret.
- Our Authorization Server validates the ClientID and Client Secret.
- We will then respond with an Access Token.
- The client application can use the Access Token to call our API and our API responds with the requested data.
Authentication Request
Request to retrieve Access Token
Note: Authorization: Basic {base64 encoded string}. (The base64 string is a combination of the Client Key and Client Secret, i.e. key:secret.)
curl -i -H "Authorization: Basic {base64 encoded string}" \
  -X GET '{BASE_URL}/open/op/platform/token/'
Response from Authorization server
Success:
{
  "code": 200,
  "msg": "success",
  "data": {
    "accessToken": "{token}",
    "tokenType": "Bearer",
    "expiresSeconds": 300,
    "createdAt": {timestamp}
  },
  "success": true
}
Error:
{
  "code": 500,
  "msg": "No credentials",
  "data": null,
  "success": false
}
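Client-side handling of the exchange above, as an added example (not LipaLater's own code): it builds the Basic header from key:secret, validates the response envelope rather than trusting the HTTP status alone, and refreshes before the 300-second lifetime runs out. The function names, the 30-second refresh margin and the sample values are assumptions made for illustration.

```python
import base64
import json
import time

class TokenError(Exception):
    pass

def basic_auth_header(client_key: str, client_secret: str) -> dict:
    """Build the Authorization header: Basic base64(key:secret)."""
    raw = f"{client_key}:{client_secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}

def parse_token_response(body: str, now: float, skew: int = 30) -> dict:
    """Validate the response envelope and return the token with a local refresh time."""
    doc = json.loads(body)
    # The error sample carries its status inside the body, so check the envelope.
    if doc.get("success") is not True or doc.get("code") != 200:
        raise TokenError(f"token request failed: {doc.get('code')} {doc.get('msg')}")
    data = doc.get("data") or {}
    token, ttl = data.get("accessToken"), data.get("expiresSeconds")
    if not token or data.get("tokenType") != "Bearer":
        raise TokenError("malformed token response")
    if not isinstance(ttl, int) or ttl <= skew:
        raise TokenError("unusable token lifetime")
    # Refresh `skew` seconds early so no request carries an expired token.
    return {"token": token, "refresh_at": now + ttl - skew}

def bearer_header(entry: dict, now: float) -> dict:
    """Return the Bearer header, or raise if the cached token must be refreshed."""
    if now >= entry["refresh_at"]:
        raise TokenError("token expired; request a new one")
    return {"Authorization": "Bearer " + entry["token"]}

# Constructed sample responses matching the shapes shown above (not real tokens).
SAMPLE_OK = ('{"code": 200, "msg": "success", "data": {"accessToken": "sample-token", '
             '"tokenType": "Bearer", "expiresSeconds": 300, "createdAt": 1700000000}, '
             '"success": true}')
SAMPLE_ERR = '{"code": 500, "msg": "No credentials", "data": null, "success": false}'

if __name__ == "__main__":
    print(basic_auth_header("sample-key", "sample-secret"))
    entry = parse_token_response(SAMPLE_OK, now=time.time())
    print(bearer_header(entry, now=time.time()))
```

Keep the Client Secret and the cached token out of logs and source control; the error text raised here contains only the server's code and msg fields.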
Other Header Details
The following headers are required in all other API calls:
{
  "Authorization": "Bearer {access_token}",
  "Noncestr": {nonce},
  "Sign": {sign},
  "Timestamp": {timestamp}
}
Note: Use Test Sign to generate the nonce, sign, and timestamp.