Looking for something else?
Looking for something else?
Overview: An introduction and high-level overview
Sandbox Environments: The freedom and security to iterate quickly with production-quality data
Authentication: You're here!
Getting Started: Examples to help you get straight to work using our APIs
Data Models: A brief overview to help you get oriented
API Standards: We're RESTful JSON over https -- familiar, friendly, and effective
File Uploads: Our approach to getting your files where you want them
API Documentation: A live swagger UI using OpenAOI 3.0.1 that plays nicely with Postman and similar tooling
FAQ: We all have questions. Right?
OAuth Client Credentials Flow
4U APIs use the OAuth 2.0 protocol for authentication and authorization and we support the standard client credentials flow for machine-to-machine (M2M) access.
Credentials
As part of being set-up with your sandbox environment, you will be provided with client credentials in the form of a clientId
and a clientSecret
. In addition, you'll be provided with the url of a 4U Authorization Server.
Authorization Flow
Your client application requests an access token from the 4U Authorization Server, extracts an access token from the json response, and sends the token as part of your request when accessing 4U APIs.
Access tokens periodically expire and will need to be refreshed by using your clientId
and clientSecret
to obtain a fresh token.
For purposes of illustrating the flow, here's the sequence carried out using curl
:
curl --request POST "https://${AUTH_HOST}/oauth2/token" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode "client_id=${CLIENT_ID}" \
--data-urlencode "client_secret=${CLIENT_SECRET}"
might return a response similar to (the access_token
has been shortened for ease of reading):
{
"access_token": "eyJraWQi.OiJ3XBfz3TkU2.7q8gHmqgw",
"expires_in": 3600, // in seconds
"token_type": "Bearer"
}
You can then make a request to the 4U API as follows using the access_token
in the previous response:
curl "https://${API_HOST}/content-service/api/v1/content-format' \
--header "Authorization: Bearer ${ACCESS_TOKEN}"
Questions or comments?
We're here 4U β integration@4uplatform.com