Skip to main content
All Collections4U Developer Site
4U Developer Site: Authentication
4U Developer Site: Authentication

The ins and outs of OAuth 2.0 and how to obtain access tokens

Updated over 2 months ago

Looking for something else?

  • Overview: An introduction and high-level overview

  • Sandbox Environments: The freedom and security to iterate quickly with production-quality data

  • Authentication: You're here!

  • Getting Started: Examples to help you get straight to work using our APIs

  • Data Models: A brief overview to help you get oriented

  • API Standards: We're RESTful JSON over https -- familiar, friendly, and effective

  • File Uploads: Our approach to getting your files where you want them

  • API Documentation: A live swagger UI using OpenAOI 3.0.1 that plays nicely with Postman and similar tooling

  • FAQ: We all have questions. Right?

OAuth Client Credentials Flow

4U APIs use the OAuth 2.0 protocol for authentication and authorization and we support the standard client credentials flow for machine-to-machine (M2M) access.

Credentials

As part of being set-up with your sandbox environment, you will be provided with client credentials in the form of a clientId and a clientSecret. In addition, you'll be provided with the url of a 4U Authorization Server.

Authorization Flow

Your client application requests an access token from the 4U Authorization Server, extracts an access token from the json response, and sends the token as part of your request when accessing 4U APIs.

Access tokens periodically expire and will need to be refreshed by using your clientId and clientSecret to obtain a fresh token.

Curl Example

For purposes of illustrating the flow, here's the sequence carried out using curl:

curl --request POST "https://${AUTH_HOST}/oauth2/token" \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=client_credentials' \
     --data-urlencode "client_id=${CLIENT_ID}" \
     --data-urlencode "client_secret=${CLIENT_SECRET}"

might return a response similar to (the access_token has been shortened for ease of reading):

{
  "access_token": "eyJraWQi.OiJ3XBfz3TkU2.7q8gHmqgw",
  "expires_in": 3600, // in seconds
  "token_type": "Bearer"
}

You can then make a request to the 4U API as follows using the access_token in the previous response:

curl "https://${API_HOST}/content-service/api/v1/content-format' \
   --header "Authorization: Bearer ${ACCESS_TOKEN}"

Postman Example

If you use Postman, you can obtain an access token as illustrated below. You'll simply need to substitute in the appropriate authorization host, client id, and client secret.

Additionally, Postman natively supports the OAuth2.0 flow as described in their documentation. Although this functionality is currently available in the free version of Postman you do need to create a free account.

Swagger Example

Our swagger UI for our APIs also allows you to directly enter your client id and client secret.

Simply click on the green "Authorize" button and provide your client id and secret in the pop-up window as shown below.

Questions or comments?

We're here 4U – integration@4uplatform.com

Did this answer your question?