Understanding OAuth 2.0 Working with our products

Access to all Chenosis APIs is based on the OAuth 2.0 framework, so developers must obtain an OAuth access token before they can make successful API calls. To obtain one, a developer registers their app and receives a Consumer Key and Consumer Secret. The access token is then retrieved by sending a request to the token endpoint with the Consumer Key and Secret, specifying the "client credentials" grant type. The sequence diagram below illustrates the implemented flow.

Get Access Token

The first action is to get an access token. This requires calling the token endpoint using your Application credentials - the consumer key (client_id) and consumer secret (client_secret) that are generated when registering the App. The endpoint that is called is:

https://sandbox.api.chenosis.io/oauth/client

And it can be called as follows:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" "https://sandbox.api.chenosis.io/oauth/client/accesstoken?grant_type=client_credentials" -d 'client_id={consumer-key}&client_secret={consumer-secret}'

After firing the request above, a successful response should look like the one below.

HTTP/1.1 200 OK
Content-Type: application/json

{
    "issued_at" : "1466025123306",
    "application_name" : "716bbe61-f14a-4e45-9b56-a62ff8e0d347",
    "scope" : "",
    "status" : "approved",
    "api_product_list" : "[sms-product, vpn-product]",
    "expires_in" : "1800", //--in seconds
    "developer.email" : "[email protected]",
    "token_type" : "BearerToken",
    "client_id" : "xNnREu1DNGfiwzQZ5HUN8IAUwZSW1rtp",
    "access_token" : "GTPY9VUHCqKVMRB0cHxnmAp0utR0",
    "organization_name" : "Chenosis",
    "refresh_token_expires_in" : "0", //--in seconds
    "refresh_count" : "0"
}

Make an API call

From the response returned by the token endpoint, extract the access_token and use it to make API calls. The access token must be sent in the Authorization header of each request.

Header Authorization parameter:

Authorization: Bearer GTPY9VUHCqKVMRB0cHxnmAp0utR0

Using the OAuth access token, an API call to our subscription API would look like:

curl https://sandbox.api.chenosis.io/customers/27811111111/subscriptions -H "Authorization: Bearer {access_token}"
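
The two steps above combined into one client, as an added example (not Chenosis's own code): it requests a token with the client credentials grant, caches it, and renews it shortly before expires_in runs out. The environment variable names, the TokenCache helper and the reading of issued_at as epoch milliseconds (inferred from the 13-digit sample value) are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = ("https://sandbox.api.chenosis.io/oauth/client/accesstoken"
             "?grant_type=client_credentials")
API_URL = "https://sandbox.api.chenosis.io/customers/27811111111/subscriptions"


def request_token(client_id, client_secret):
    """POST the consumer key/secret as a form body and return the parsed JSON."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one access token and renews it shortly before it expires."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def _store(self, resp):
        if resp.get("status") != "approved" or not resp.get("access_token"):
            raise RuntimeError("token endpoint did not return an approved token")
        # Numbers arrive as strings. Assumption: issued_at is epoch milliseconds
        # (13 digits in the sample response); expires_in is in seconds.
        issued = int(resp["issued_at"]) / 1000.0
        self._expires_at = issued + int(resp["expires_in"])
        self._token = resp["access_token"]

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._store(self._fetch())
        return {"Authorization": "Bearer " + self._token}


if __name__ == "__main__":
    # Assumed environment variable names; keep the secret out of source control.
    cache = TokenCache(lambda: request_token(
        os.environ["CHENOSIS_CLIENT_ID"], os.environ["CHENOSIS_CLIENT_SECRET"]))
    req = urllib.request.Request(API_URL, headers=cache.auth_header())
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.status)
```

Because the cache takes the fetch function as a parameter, the renewal logic can be exercised with a stub instead of the live token endpoint.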