Authentication

Access Token

All APIs are protected with OAuth2 access tokens. Logging in to the application starts the user authentication process, which issues a JSON Web Token (JWT) based access token containing the user claims and scopes used to access protected resources.

The access token is usually, but not always, sent in the Authorization header of the HTTP request for a resource. The documentation for each API states whether an access token is required to access that protected resource.

The latest TLS protocol version is recommended for transmitting the data securely.

Validity

The JWT-based access token is short-lived (~5 min); once it expires, the user can no longer access the resources. To continue accessing resources without re-authentication, acquire a new token by calling the Get Access Token API before the current access token expires or becomes invalid. If the current access token has already expired or is invalid, start the authentication process again so that the user agent can re-authenticate.

Request Headers

The following fields are required in the header section of your request:

  • Accept: Data format of the response body. Only supports application/json.
  • Content-Type: Data format of the request body. Only supports application/json.
  • Content-Length: (see RFC 7230)
  • Authorization: (see RFC 7617)
  • User-Agent: YourCompany YourApp/v1.0. The value must reflect your business or entity name, for API troubleshooting.
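
The token lifetime rule under Validity and the header list above, as an added client-side example (not code from this API's documentation). The function names, the 60-second refresh margin and the Bearer scheme in the Authorization header are assumptions; the payload is read only to schedule the refresh, and the signature is not verified here.

```python
import base64
import json
import time

REFRESH_MARGIN_S = 60  # assumed safety margin before expiry; not a value from the page


def jwt_claims(token):
    """Read the JWT payload without verifying the signature (scheduling only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_action(token, now=None, margin=REFRESH_MARGIN_S):
    """Return 'use', 'refresh' (call Get Access Token) or 'reauthenticate'."""
    now = time.time() if now is None else now
    try:
        remaining = jwt_claims(token)["exp"] - now
    except (ValueError, KeyError, TypeError):
        return "reauthenticate"  # malformed token or unusable exp: treat as invalid
    if remaining <= 0:
        return "reauthenticate"  # already expired
    return "refresh" if remaining <= margin else "use"


def build_headers(token, body, user_agent="YourCompany YourApp/v1.0"):
    """Build the five required headers for a JSON request body given as bytes."""
    return {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Content-Length": str(len(body)),
        "Authorization": "Bearer " + token,  # assumed scheme (RFC 6750)
        "User-Agent": user_agent,
    }


def sample_token(exp):
    """Constructed sample token with a dummy signature; not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"sub": "demo", "exp": exp}), "c2ln"])


if __name__ == "__main__":
    tok = sample_token(int(time.time()) + 300)  # ~5 min lifetime, as on the page
    print(token_action(tok), build_headers(tok, b'{"ping": true}'))
```

Call token_action before each request: 'refresh' means call the Get Access Token API while the current token is still valid, and 'reauthenticate' means restart the authentication process.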