Authenticate on Behalf of User
The Resource Owner Password Credentials Grant can be used to exchange a user's email address and password for an access token. The access token is then used to make requests to the Gini API on behalf of the user.
//authenticating on behalf of a user
curl -v -X POST --data-urlencode 'username=some_user@example.com' \
--data-urlencode 'password=supersecret' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-u 'client-id:secret' 'https://user.gini.net/oauth/token?grant_type=password'
Request
Key | Description |
---|---|
username | The user's email address. |
password | The user's password. |
Note that the client should authenticate itself using basic HTTP access authentication with its ID as a username and its secret as a password.
POST /oauth/token?grant_type=password HTTP/1.1
Authorization: Basic Y2xpZW50LWlkOnNlY3JldA==
Host: user.gini.net
Accept: application/json
Content-Type: application/x-www-form-urlencoded

username=some_user@example.com&password=supersecret
//example response
{
"access_token":"6c470ffa-abf1-41aa-b866-cd3be0ee84f4",
"token_type":"bearer",
"expires_in":3599
}
The returned access token can now be used to make requests to the Gini Pay API on behalf of the user. To do so, send the access token as a bearer token in the Authorization request header:
GET /documents HTTP/1.1
Host: pay-api.gini.net
Authorization: BEARER 6c470ffa-abf1-41aa-b866-cd3be0ee84f4
Accept: application/vnd.gini.v1+json
Connection: close
If your client is configured for it, the token API response also contains a refresh token. You can exchange the received refresh token for a new access token by calling the token endpoint with the refresh_token grant type.
// Getting access token by providing refresh token
curl -v -X POST --data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<refresh_token_received_from_token_api>' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-u "client-id:client-secret" \
'https://user.gini.net/oauth/token'
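The two token requests and the token lifetime handling described above, as an added Python example that is not part of the Gini documentation. It builds the requests without sending them; the function and class names and the 30-second renewal margin are assumptions made for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://user.gini.net/oauth/token"  # endpoint shown on this page


def _token_request(client_id, client_secret, form, query=""):
    """Build (without sending) a POST to the token endpoint with client Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return Request(TOKEN_URL + query, data=urlencode(form).encode(), method="POST",
                   headers={"Authorization": "Basic " + basic,
                            "Content-Type": "application/x-www-form-urlencoded",
                            "Accept": "application/json"})


def password_grant_request(client_id, client_secret, username, password):
    # User credentials travel in the form body, never in the URL.
    return _token_request(client_id, client_secret,
                          {"username": username, "password": password},
                          query="?grant_type=password")


def refresh_grant_request(client_id, client_secret, refresh_token):
    return _token_request(client_id, client_secret,
                          {"grant_type": "refresh_token", "refresh_token": refresh_token})


class Token:
    """Parsed token response; `skew` (assumed 30 s) renews slightly before expiry."""

    def __init__(self, body, now=None, skew=30):
        doc = json.loads(body)
        if doc.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = doc["access_token"]
        self.refresh_token = doc.get("refresh_token")  # present only if the client is configured
        self.expires_at = (time.time() if now is None else now) + doc["expires_in"] - skew

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def auth_header(self):
        return {"Authorization": "BEARER " + self.access_token}  # scheme spelled as on this page

    def __repr__(self):  # keep token values out of logs and tracebacks
        return f"Token(<redacted>, expires_at={self.expires_at:.0f})"
```

Pass a built request to `urllib.request.urlopen` to send it, and feed the response body to `Token`; when `expired()` returns true, use `refresh_grant_request` if a refresh token was issued.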