How to authenticate

Short description


Example

POST https://integration.webtopsolutions.com/flow/authtoken

Body

grant_type=client_credentials&client_id=demo_client&client_secret=566gg61e-7859-4494-a6cd-0c51451sdc

Response example:

{
 "access_token": "XBNoMfVoaFIb4Af4FuHH5m_8V-0cuh9B5Z9hFe7lNmdbOrRf2y3...",
 "token_type": "bearer",
 "expires_in": 1200,
 "refresh_token": "CQB0QSbfrQzVsvrbu4FUpw1v-KXqkSfOGP-ZqKrgrLWKsPWV6HyP...",
 "refresh_token_expires_in": 608399
}

Response description

access_token
Proves that a user is authenticated and is used as an identifier in the backend. Must be sent in all queries against Flow that require authentication. Sent as a header parameter:

Authorization: Bearer XBNoMfVoaFIb4Af4FuHH5m_8V...

refresh_token
Can be used to retrieve a new access_token when the access_token has expired, since the refresh_token has a longer expiration time.

POST /authtoken

Body

grant_type=refresh_token&client_id=myclient&refresh_token=v8jg5ohutgJP2efCSp9-HFpLBhdDt...

Response example

{
  "access_token": "XBNoMfVoaFIb4Af4FuHH5m_8V-0cuh9B5Z9hFe7lNmdbOrRf2y3...",
  "token_type": "bearer",
  "expires_in": 1200
}

Returns an error when the refresh_token has expired:

{
  "error": "invalid_grant"
}

Then just reuse client credentials to fetch a new one.

For most purposes you can ignore the refresh token and just implement authentication using client credentials since your application has access to the client secret all the time.
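The token lifecycle described above, as an added example that is not part of the original page or of Flow's own code: a cache that reuses the access_token until shortly before expires_in elapses, tries the refresh_token grant, and falls back to client credentials on invalid_grant. The class name, the 30-second skew and the post_form callable (anything that sends the form fields to the authtoken endpoint and returns the parsed JSON) are assumptions.

```python
import time

class FlowTokenCache:
    """Caches the access_token and renews it shortly before expires_in runs out."""

    def __init__(self, post_form, client_id, client_secret, clock=time.monotonic, skew=30):
        self._post = post_form          # assumption: callable(dict) -> parsed JSON dict
        self._id, self._secret = client_id, client_secret
        self._clock, self._skew = clock, skew
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, resp, now):
        if "access_token" not in resp:  # report the error code only, never the secret
            raise RuntimeError("token request failed: %s" % resp.get("error", "unknown"))
        self._access = resp["access_token"]
        self._access_exp = now + resp["expires_in"]
        if "refresh_token" in resp:     # only the client_credentials response carries one
            self._refresh = resp["refresh_token"]
            self._refresh_exp = now + resp["refresh_token_expires_in"]

    def _login(self, now):
        self._store(self._post({"grant_type": "client_credentials",
                                "client_id": self._id,
                                "client_secret": self._secret}), now)

    def token(self):
        now = self._clock()
        if self._access and now < self._access_exp - self._skew:
            return self._access         # still valid: no network call
        if self._refresh and now < self._refresh_exp - self._skew:
            resp = self._post({"grant_type": "refresh_token",
                               "client_id": self._id,
                               "refresh_token": self._refresh})
            if resp.get("error") != "invalid_grant":
                self._store(resp, now)
                return self._access
            self._refresh = None        # expired refresh_token: fall through to a fresh login
        self._login(now)
        return self._access

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}
```

Pass the result of auth_header() with every request that requires authentication; the client secret is only ever handed to post_form and never appears in the error message.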
