Show Menu

Authorization

All calls require the platform’s authentication credentials. Authentication credentials are sent using HTTP Bearer auth with client_key and client_secret. These will be assigned by XTRM.

Token Generation

post/oAuth/token

Header Parameters

Authorizationstring

client_id, client_secret provided by XTRM.

Content-typestring

x-www-form-urlencoded

Request Parameters

grant_type=passwordstring

client_idstring

The Consumer Key from the XTRM.

client_secretstring

The Consumer secret key from the XTRM.

XTRM verifies the user credentials, and if successful, sends a response to the application with the access token. This response contains the following values:

access_token

Access token that acts as a session ID that the application uses for making requests. This token should be protected as though it were user credentials.

token_type

HTTP Bearer auth sent

expires_in

When the signature will expire in seconds

refresh_token

Refresh token is used when refresh token call made

.issued

When the signature was created,

.expires

When the signature will expire.

Sample Request:

sandbox.xapi.xtrm.com/oAuth/token

grant_type=password&client_id=YOUR_CLIENT_ID_FROM_XTRM&client_secret=YOUR_CLIENT_SECRET_XTRM

						

Sample Response:


{
  "access_token": "rlpRJOTSQQxt+55k6tWKeysdZdlulE9alPZWefSaBig+ekSIt1QKs+VUKXKwYAdjuZXHk++P8fkPchZ07wn20TRO8cmndIRbRJBDIkF0C/fLFeGkMqNsk+y/bYVeG77Xanucg8IhiXH2m6kF95YMN4fGfTNGIdp6201hIqOUKSCTsSGxgjtcrqVIcUU=",
  "token_type": "bearer",
  "expires_in": 86399,
  "refresh_token": "a142e7ddf8cc4a73adea96aa1e175b96",
  "client_id": "1710001_API_User",
  ".issued": "Wed, 09 Aug 2017 05:53:32 GMT",
  ".expires": "Thu, 10 Aug 2017 05:53:32 GMT"
}