The Resource Owner Password Credentials Grant can be used to exchange a user's email address and password for an access token. The access token is then used to make requests to the Gini API on behalf of the user.
```bash
# Authenticating on behalf of a user
curl -v -X POST \
  --data-urlencode 'username=some_user@example.com' \
  --data-urlencode 'password=supersecret' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Accept: application/json' \
  -u 'client-id:secret' \
  'https://user.gini.net/oauth/token?grant_type=password'
```
Request
| Key | Description |
|---|---|
| `username` | The user's email address. |
| `password` | The user's password. |
Note that the client should authenticate itself using basic HTTP access authentication with its ID as a username and its secret as a password.
```http
POST /oauth/token?grant_type=password HTTP/1.1
Authorization: Basic Y2xpZW50LWlkOnNlY3JldA==
Host: user.gini.net
Accept: application/json
Content-Type: application/x-www-form-urlencoded

username=some_user@example.com&password=supersecret
```

Example response:

```json
{
  "access_token": "6c470ffa-abf1-41aa-b866-cd3be0ee84f4",
  "token_type": "bearer",
  "expires_in": 3599
}
```

The returned access token can now be used to make requests to the Gini Pay API on behalf of the user. To do so, send the access token as a bearer token in the Authorization request header:

```http
GET /documents HTTP/1.1
Host: pay-api.gini.net
Authorization: BEARER 6c470ffa-abf1-41aa-b866-cd3be0ee84f4
Accept: application/vnd.gini.v1+json
Connection: close
```
If your client is configured for it, you will also receive a refresh token in the token API response. With the received refresh token, you can get a new access token by calling the token endpoint with the `refresh_token` grant type.
```bash
# Getting an access token by providing a refresh token
curl -v -X POST \
  --data-urlencode 'grant_type=refresh_token' \
  --data-urlencode 'refresh_token=<refresh_token_received_from_token_api>' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Accept: application/json' \
  -u "client-id:client-secret" \
  'https://user.gini.net/oauth/token'
```
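The password grant and the refresh token grant described above, combined into one client-side token cache that renews the access token shortly before `expires_in` elapses. This is an added example, not Gini's own code: the `TokenSession` class, the `post(url, headers, body)` transport callable and the 60-second renewal margin are assumptions, as is the RFC 6749 `refresh_token` field name in the token response.

```python
import base64
import time
from urllib.parse import urlencode

TOKEN_URL = "https://user.gini.net/oauth/token"  # token endpoint shown on this page

def basic_auth(client_id, client_secret):
    """Basic HTTP access authentication value: base64("id:secret")."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

class TokenSession:
    """Caches the access token and renews it shortly before expires_in elapses."""
    def __init__(self, post, client_id, client_secret, clock=time.monotonic, skew=60):
        self.post = post    # assumed transport: post(url, headers, body) -> parsed JSON dict
        self.clock = clock  # injectable so expiry handling can be tested offline
        self.skew = skew    # renew this many seconds early (assumed value)
        self.headers = {"Authorization": basic_auth(client_id, client_secret),
                        "Content-Type": "application/x-www-form-urlencoded",
                        "Accept": "application/json"}
        self.access = self.refresh = None
        self.expires_at = 0.0

    def store(self, tok):
        if str(tok.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        self.access = tok["access_token"]
        # Assumed field name (RFC 6749); keep the old refresh token if none is returned.
        self.refresh = tok.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + tok["expires_in"]

    def login(self, username, password):
        # Credentials go in the form body, never in the URL, so they stay out of access logs.
        body = urlencode({"username": username, "password": password})
        self.store(self.post(TOKEN_URL + "?grant_type=password", self.headers, body))

    def bearer_header(self):
        if self.access is None:
            raise RuntimeError("call login() first")
        if self.clock() >= self.expires_at - self.skew:
            if self.refresh is None:
                raise RuntimeError("access token expired and no refresh token was issued")
            body = urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh})
            self.store(self.post(TOKEN_URL, self.headers, body))
        return {"Authorization": "BEARER " + self.access}  # scheme spelled as on this page

if __name__ == "__main__":  # constructed stub transport, so this runs offline
    stub = lambda url, headers, body: {"access_token": "tok", "token_type": "bearer", "expires_in": 3599}
    session = TokenSession(stub, "client-id", "secret")
    session.login("some_user@example.com", "supersecret")
    print(session.bearer_header())
```

Holding the user's password only for the duration of `login()` and relying on the refresh token afterwards keeps the password out of long-lived client state.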