Page Comparison

This document describes the process of obtaining access token and refresh token and use that token to access Amino APIs.

...

User authentication is possible using the access token to do so, client should first use the login end point to obtain the access token See Login and authentication#/User%20Authentication/loginUser
Once successfully authenticated, login end point provides access token and refresh token.
- Special case: If some users are already logged in by cookie, for such cases access tokens can be obtained by cookie <-> token exchange process, See https://confluence.aminocom.com/display/MAPI/Cookie-token+exchange for the exchange process.

...

Code Block

{
  "data": [
    {
      "type": "AuthenticationTokens",
      "id": "9bc6871e-ce26-4b8a-96f6-e6688599d938",
      "attributes": {
        "login_timestamp": 1538126476,
        "user_id": 1234,
        "user_profile_id": "84eb61a9-75d4-42c7-8c15-84c3d7776227",
        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBbWlub01vdmUiLCJpYXQiOjE1Mzc1MjIxNzQsImV4cCI6MTUzODEyNjk3OSwiYXVkIjoid3d3LmJvb3h0di5maSIsInN1YiI6ImV4YW1wbGVfdXNlckBlbWFpbGRvbWFpbi5jb20iLCJwcm9maWxlX2lkIjoiNmM3Zjk0YWYtYjYwMy00ZjM5LTgzODQtZjEyMjI2ZWE5ZDRjNmM3Zjk0YWYtYjYwMy00ZjM5LTgzODQtZjEyMjI2ZWE5ZDRjIiwidHlwZSI6ImFjY2VzcyIsInN0Yl9zZXJpYWxfbm8iOiI2MTU1MDAyNjYxNjIifQ.RW6NdDE_kGgkOVKqodeT1fDdxU7Slaf551rp5ctBcFc",
        "expires_at_timestamp": 1538126476,
        "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBbWlub01vdmUiLCJpYXQiOjE1Mzc1MjIxNzQsImV4cCI6MTU0NTk4OTM3OSwiYXVkIjoid3d3LmJvb3h0di5maSIsInN1YiI6ImV4YW1wbGVfdXNlckBlbWFpbGRvbWFpbi5jb20iLCJ0eXBlIjoicmVmcmVzaCJ9.9Pxzv0oGxjZmAIpZiH-aiue7LwAMcddPPHnaiOkpb-A"
      }
    }
  ]
}

Access Token Usage:

The access token that are obtained from the above endpoints can be used to access all the new APIs and legacy APIs. Clients are expected to provide the token in the "Authorization" header,

for example:

Code Block

GET /channels/{channel_id}/relationships/streams 
HTTP/1.1
Host: customer.domain:443
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBbWlub1RWIEFQSSIsImlhdCI6MTUzMTgzNDI0MSwiZXhwIjoxNTYzMzcwMjQxLCJhdWQiOiJ3d3cuYW1pbm9jb20uY29tIiwic3ViIjoiYW5keS5iZWFrQGFtaW5vY29tLmNvbSJ9.BL5bRDANTPJqTSiPdUWKN3xSEJTqdVoDuwqrYSaW1xY
cache-control: no-cache

Info
We recommend that the client does not rely on any claims in the token as these may change without notice.

Renewing an access token:

Every endpoint that provides access token will also provide a refresh token, in order to renew the access token.

The token is renewed by calling the createToken endpoint with grant_type=refresh_token token User Authentication#/Account%20Authentication/createAccessToken

Note
Note: The endpoint currently supports grant_type=refresh_token only

Info
MUST use the refresh token obtained from the previous authentication. Refresh token will have an expiration time, if expired repeat steps from How to get Access Token block.

...

Version	Old Version 39	New Version 40
Changes made by	Sandesh Melkote Shivashankar	Sandesh Melkote Shivashankar
Saved on	Oct 03, 2019	Oct 03, 2019

Versions Compared

Key

Access Token Usage:

Renewing an access token: