This document describes how client can obtain access token for authenticating a user and use that token to access Amino APIs.
...
- A User can be authenticated by using our access token, client should first use the login end point. See Login and authentication#/User%20Authentication/loginUser
- Once successfully authenticated, login end point provides access token and refresh token.
- Some users are logged in by cookie, for such cases access tokens can be obtained by cookie <-> token exchange process, See https://confluence.aminocom.com/display/MAPI/Cookie-token+exchange for the exchange process.
...
| Code Block |
|---|
{
"data": [
{
"type": "AuthenticationTokens",
"id": "9bc6871e-ce26-4b8a-96f6-e6688599d938",
"attributes": {
"login_timestamp": 1538126476,
"user_id": 1234,
"user_profile_id": "84eb61a9-75d4-42c7-8c15-84c3d7776227",
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBbWlub01vdmUiLCJpYXQiOjE1Mzc1MjIxNzQsImV4cCI6MTUzODEyNjk3OSwiYXVkIjoid3d3LmJvb3h0di5maSIsInN1YiI6ImV4YW1wbGVfdXNlckBlbWFpbGRvbWFpbi5jb20iLCJwcm9maWxlX2lkIjoiNmM3Zjk0YWYtYjYwMy00ZjM5LTgzODQtZjEyMjI2ZWE5ZDRjNmM3Zjk0YWYtYjYwMy00ZjM5LTgzODQtZjEyMjI2ZWE5ZDRjIiwidHlwZSI6ImFjY2VzcyIsInN0Yl9zZXJpYWxfbm8iOiI2MTU1MDAyNjYxNjIifQ.RW6NdDE_kGgkOVKqodeT1fDdxU7Slaf551rp5ctBcFc",
"expires_at_timestamp": 1538126476,
"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBbWlub01vdmUiLCJpYXQiOjE1Mzc1MjIxNzQsImV4cCI6MTU0NTk4OTM3OSwiYXVkIjoid3d3LmJvb3h0di5maSIsInN1YiI6ImV4YW1wbGVfdXNlckBlbWFpbGRvbWFpbi5jb20iLCJ0eXBlIjoicmVmcmVzaCJ9.9Pxzv0oGxjZmAIpZiH-aiue7LwAMcddPPHnaiOkpb-A"
}
}
]
} |
Access Token Usage:
The access token that are obtained from the above endpoints can be used to access all the new APIs and legacy APIs. Clients are expected to provide the token in the "Authorization" header,
for example:
| Code Block |
|---|
GET /channels/{channel_id}/relationships/streams
HTTP/1.1
Host: customer.domain:443
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBbWlub1RWIEFQSSIsImlhdCI6MTUzMTgzNDI0MSwiZXhwIjoxNTYzMzcwMjQxLCJhdWQiOiJ3d3cuYW1pbm9jb20uY29tIiwic3ViIjoiYW5keS5iZWFrQGFtaW5vY29tLmNvbSJ9.BL5bRDANTPJqTSiPdUWKN3xSEJTqdVoDuwqrYSaW1xY
cache-control: no-cache |
| Info |
|---|
We recommend that the client does not rely on any claims in the token as these may change without notice. |
Renewing an access token:
Every endpoint that provides access token will also provide a refresh token, in order to renew the access token, use the following end point to renew the token User Authentication#/Account%20Authentication/createAccessToken
| Info |
|---|
|
...