Skip to end of banner
Go to start of banner

Authenticate on Behalf of User

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Current »

The Resource Owner Password Credentials Grant can be used to exchange a user's email address and a password with an access token. The access token is then used to make requests to the Gini API on behalf of the user.

//authenticating on behalf of a user

curl -v -X POST --data-urlencode
    'username=some_user@example.com'
    --data-urlencode 'password=supersecret'
    -H 'Content-Type: application/x-www-form-urlencoded'
    -H 'Accept: application/json'
    -u 'client-id:secret' 'https://user.gini.net/oauth/token?grant_type=password'
Request

Key

Description

username

The user's email address.

password

The user's password.

Note that the client should authenticate itself using basic HTTP access authentication with its ID as a username and its secret as a password.

POST /oauth/token?grant_type=password HTTP/1.1
Authorization: Basic Y2xpZW50LWlkOnNlY3JldA==
Host: user.gini.net
Accept: application/json
Content-Type: application/x-www-form-urlencoded

username=some_user@example.com&password=supersecret

//example response

{
  "access_token":"6c470ffa-abf1-41aa-b866-cd3be0ee84f4",
  "token_type":"bearer",
  "expires_in":3599
}

//The returned access token can now be used to make requests to the Gini Pay API on behalf of the user. To do so, send the access token as a bearer token in the Authorization request header:

GET /documents HTTP/1.1
Host: pay-api.gini.net
Authorization: BEARER 6c470ffa-abf1-41aa-b866-cd3be0ee84f4
Accept: application/vnd.gini.v1+json
Connection: close

If your client is configured, you will also receive a refresh token in the token api response. By providing the received refresh token, you can get a new access token by calling token endpoint with refresh_token grant_type.

// Getting access token providing refresh token

curl -v -X POST  --data-urlencode 'grant_type=refresh_token'\
    --data-urlencode 'refresh_token=<refresh_token_received_from_token_api>' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -H 'Accept: application/json' \
    -u "client-id:client-secret" \
    'https://user.gini.net/oauth/token'

  • No labels