MicroBilt API's OAuth Documentation

OAuth2 allows third-party applications to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf. Access is requested by a client, which can be, for example, a website or a mobile application.

MicroBilt APIs use the OAuth 2.0 protocol for authentication and authorization.

 

Before you can begin the OAuth process, you must first register a new app with the service. After registering your app, you will receive a Client ID and a Client Secret.

 

OAuth Endpoints

Sandbox https://apitest.microbilt.com/OAuth/Token

Production https://api.microbilt.com/OAuth/Token

 

Requesting an access token

 

Once your application is properly configured, you can request an access token by making a request to the OAuth Endpoint. The token will contain the user/service account profile information together with expiry time and issuer details. The requested access token can be used as a bearer token to invoke MicroBilt APIs and allow your application to access products and APIs.

curl -X POST https://apitest.microbilt.com/OAuth/Token \
  -H 'Content-Type: application/json' \
  -d '{ "client_id": "<CLIENT_ID>","client_secret": "<CLIENT_SECRET>" , "grant_type" : "client_credentials" }'

or

curl -X POST 'https://apitest.microbilt.com/OAuth/Token?grant_type=client_credentials' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>'

 

Parameter | Description
client_id (Required) | client_id identifies your application and should be treated as your application's user name.
client_secret (Required) | client_secret is a secret key assigned to your application; it should be treated as your application's password.
grant_type (Required) | Supported grant type is client_credentials
Content-Type (Required) | Payload type (application/json, application/x-www-form-urlencoded)

 

Response:

Below is a sample response which includes status code and token information:

HTTP Status Code 200
{
  "issued_at" : "1525190727056",
  "expires_in" : "3599",
  "token_type" : "BearerToken",
  "access_token" : "kE8WyfAAgaoPPisGakxRw9aEL8eH",
  "status" : "approved"
}

 

Parameter | Description
issued_at | Refers to the UNIX timestamp of our system in central standard time
expires_in | The number of seconds remaining, from the time it was requested, before the token will expire
token_type | Refers to the type of token
access_token | The access_token is valid for a limited period described by expires_in seconds. You may obtain a new access_token whenever the access_token has expired by repeating the above operation.

 

Using the access token

Once you've obtained an Access Token, you can start making authenticated API requests by including an "Authorization" header as a Bearer token in your HTTP call to MicroBilt's API.

curl -v -X GET https://apitest.microbilt.com/application/path \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -d '{ application specific data }'
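
The following Python example is added here and is not MicroBilt's own code: it requests a token with the JSON body shown above, caches it, and requests a new one shortly before expires_in elapses, so the client secret is sent only when needed. The environment variable names, the 60-second safety margin, and the check on the status field are assumptions.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://apitest.microbilt.com/OAuth/Token"  # sandbox endpoint from this page


def http_post_json(url, payload):
    """POST a JSON body over HTTPS and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class TokenCache:
    """Caches the bearer token and re-requests it shortly before it expires."""

    def __init__(self, client_id, client_secret, post=http_post_json,
                 clock=time.monotonic, skew=60):
        self._creds = {"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials"}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._post(TOKEN_URL, self._creds)
            # Assumption: a usable response carries status "approved", as in the sample.
            if body.get("status") != "approved" or not body.get("access_token"):
                raise RuntimeError("token request not approved")  # body is not echoed
            # expires_in is a string ("3599") in the sample response, so convert it.
            lifetime = int(body["expires_in"])
            self._token = body["access_token"]
            self._expires_at = self._clock() + max(lifetime - self._skew, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


if __name__ == "__main__":
    # Assumed variable names; reading from the environment keeps the secret off the command line.
    cache = TokenCache(os.environ["MB_CLIENT_ID"], os.environ["MB_CLIENT_SECRET"])
    print("token acquired, header names:", list(cache.auth_header()))
```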
