7.1. Logging in for 3rd-party systems¶
If a 3rd-party system wants to access the specific API for company creation and similar, it needs to fetch an authentication token for itself directly.
This is done by requesting a grant type of client_credentials
:
Example
curl -s https://client_id:[email protected]/oauth/token/ \
--data="scope=read%20write&grant_type=client_credentials"
Response:
{
// Token expiry time
"expires_in": 600,
// Refresh token
"refresh_token": "cU8PqVszJXX8A3bzFWKjMUfJK3nXXB",
// Access token to be used in Authentication: Bearer <token>
"access_token": "WlMxwPLaAG3krmvJxyzkSiVgIGaPIdH",
// Token type. Currently only “Bearer” is available
"token_type": "Bearer",
"scope": "read write"
}
This token may then be used to call the 3rd-party API.
Note
Impersonating a user
If a 3rd-party API needs to impersonate a user / work on his behalf, it possible to retrieve an OAuth token for such user. For details on how this works, please contact CargoX.