Microbilt API’s OAuth Documentation
OAuth2 allows third-party applications to grant limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf. Access is requested by a client, it can be a website or a mobile application for example.
Microbilt API’s use OAuth 2.0 protocol for authentication and authorization.
Before you can begin the OAuth process, you must first register a new app with the service. After registering your app, you will receive a Client ID and a Client Secret.
OAuth Endpoints
Sandbox https://apitest.microbilt.com/OAuth/GetAccessToken
Production https://api.microbilt.com/OAuth/GetAccessToken
Requesting an access token
Once your application is properly configured you can request an access token by making a request to the OAuth Endpoint. The token will contain the user/service account profile information together with expiry time and issuer details. The request access token can be used as a bearer token to further invoke Microbilt API’s and allow your application to access products and API’s.
curl -X POST https://apitest.microbilt.com/OAuth/GetAccessToken \ -H 'Content-Type: application/json' \ -d '{ "client_id": "<CLIENT_ID>","client_secret": "<CLIENT_SECRET>" , "grant_type" : "client_credentials" }'
or
curl -X POST https://apitest.microbilt.com/OAuth/GetAccessToken?grant_type=client_credentials\ -H 'Content-Type: application/x-www-form-urlencoded ' \ -d 'client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>'
Parameter |
Description |
client_id (Required) |
client_id identifies your application and should be treated as your application's user name. |
client_secret (Required) |
client_secret is a secret key assigned to your application, this should be treated as your application's password. |
Grant-Type (Required) |
Supported grant type is client_credentials |
Content-Type (Required) |
Payload type (application/json, application/x-www-form-urlencoded) |
Response:
Below is a sample response which includes status code and token information:
HTTP Status Code 200 { "issued_at" : "1525190727056", "expires_in" : "3599", "token_type" : "BearerToken", "access_token" : "kE8WyfAAgaoPPisGakxRw9aEL8eH", "status" : "approved" }
Parameter |
Description |
issued_at |
Refers to the UNIX timestamp of our system in central standard time |
expires_in |
The number of seconds remaining, from the time it was requested, before the token will expire |
token_type |
Refers to the type of token |
access_token |
The access_token is valid for a limited period described by expires_in seconds. You may obtain a new access_token whenever the access_token has expired by repeating the above operation. |
Using the access token
Once you've obtained an Access Token, you can start making authenticated API requests by including an "Authorization" header as a Bearer token in your HTTP call to Microbilt’s API.
curl -v -X GET https://apitest.microbilt.com/application/path \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer <ACCESS_TOKEN>" -d '{ application specific data }'