OAuth 2.0

OAuth is another method of verification of API calls. JRNI uses standard OAuth 2.0 to determine if OAuth is suitable authentication method for your API integration.

Similar to Single Sign On, a token will need be returned in the API response. The access token will be valid for 2 hours and 401 Authorisation errors will be returned from the API if the Access Token has expired.

JRNI will provide you with the Client Id and Secret. To obtain their Bearer Token, submit the following API call.

curl -X POST  
  -H 'Accept: application/json'  
  -H 'Cache-Control: no-cache'  
  -H 'Content-Type: application/json'  
  -d '{  
    "grant_type": "client_credentials",  
    "client_id": "{app-id}",  
    "client_secret": "{secret}",  
    "scope": "all_companies owner"  

Include the Bearer Token in the HTTP Header for all API calls requiring Authentication to use them (eg Admin API calls). Below is an Admin API GET Clients demonstrating the required OAuth Token.

curl -X GET  
  -H 'Accept: _/_'  
  -H 'Accept-Encoding: gzip, deflate'  
  -H 'Authorization: Bearer ff6905d3906d5cb8871bed73e79t58bb3309b25d3228aa61f532735675af5f2z'