Alvaria™ Cloud Authorization (OAuth 2.0) v2.0.1
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
Overview
The endpoint for authentication is:
https://{FQDN}/tokenservice/oauth2/access_token?realm={orgId}
orgIdis your organization name as supplied by Alvaria.- See Table 1 below for
FQDNdetails
Table 1: List of FQDN for every cloud provider and region
| Cloud Vendor | Region | FQDN |
|---|---|---|
| Amazon Web Service (AWS) | United States | https://myaspect.id.aspect-cloud.net |
| Amazon Web Service (AWS) | Europe | https://myaspect.eu.id.aspect-cloud.net |
| Amazon Web Service (AWS) | United Kingdom | https://myaspect.uk.id.aspect-cloud.net |
| Amazon Web Service (AWS) | Canada | https://myaspect.yyz.id.aspect-cloud.net |
| Microsoft Azure | United States | https://myaspect.us-a.id.aspect-cloud.net |
| GCP | United States | https://myaccount.dsm.sre.alvaria.cloud |
The following provides an example in curl of how to request an oauth token using the authentication endpoint.
curl -X "POST" "https://myaspect.id.aspect-cloud.net/tokenservice/oauth2/access_token" \
-H "content-type: application/x-www-form-urlencoded" \
-u "myAppName:ac0002ebdacc90f5a61ab99b703cb693" \
--data-urlencode "realm=myOrganization" \
--data-urlencode "scope=provisioningapi engagementcenterapi streamingapi" \
--data-urlencode "grant_type=client_credentials"
where:
clientId:secretare values supplied by Alvaria as a result of registering the application with Alvaria™ Cloud. In the previous example, the client Id is myAppName and the secret is ac0002ebdacc90f5a61ab99b703cb693.scopemust be supplied to indicate which APIs the client needs authorization to access. In the example the client is asking for permission to access the provisioning, reporting and campaign APIs.grant_typemust be set to client_credentials. The grant_type provides the context for the username value passed in the authorization request. Specifically, that the username is to be interpreted as the clientId and secret.
You can try out the authorization request in tools such as Postman by importing the authorization swagger file into the Postman app.
A successful request returns an oauth token that must be supplied in all future REST API calls. The value of the oauth token is returned in the "access_token" property of a successful response.
{
"access_token": "ad97f5cb-08b6-4072-99a7-d434d251c962",
"scope": "provisioningapi engagementcenterapi streamingapi",
"token_type": "Bearer",
"expires_in": 3599
}
By default all tokens expire in 60 minutes as indicated in the "expires_in" property (expressed in seconds) returned from the authentication call. Applications must reissue the original authentication call to get a new token before the expiration time elapses.
Base URLs:
Authentication
- HTTP Authentication, scheme: basic
accessToken
Get oauth token
Code samples
# You can also use wget
curl -X POST https://myaspect.id.aspect-cloud.net/tokenservice/oauth2/access_token?realm=string \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json'
const fetch = require('node-fetch');
const inputBody = {
"scope": "string",
"grant_type": "client_credentials"
};
const headers = {
'Content-Type':'application/x-www-form-urlencoded',
'Accept':'application/json'
};
fetch('https://myaspect.id.aspect-cloud.net/tokenservice/oauth2/access_token?realm=string',
{
method: 'POST',
body: JSON.stringify(inputBody),
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
POST https://myaspect.id.aspect-cloud.net/tokenservice/oauth2/access_token?realm=string HTTP/1.1
Host: myaspect.id.aspect-cloud.net
Content-Type: application/x-www-form-urlencoded
Accept: application/json
POST /tokenservice/oauth2/access_token
Body parameter
scope: string
grant_type: client_credentials
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| realm | query | string | true | organization to request an oauth token for |
| body | body | object | true | none |
| » scope | body | string | true | api permissions requested |
| » grant_type | body | string | true | token request type |
Example responses
200 Response
{
"access_token": "76f22112-76f8-482b-a685-139b98029986",
"scope": "engagementcenterapi streamingapi",
"token_type": "Bearer",
"expires_in": 3599
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Successful response | TokenResponse |
| 400 | Bad Request | Bad Request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | None |
| 405 | Method Not Allowed | Method Not Allowed | ErrorResponse |
| 408 | Request Timeout | Request Timeout | ErrorResponse |
| 429 | Too Many Requests | Throttled | ErrorResponse |
| 500 | Internal Server Error | Internal Server Error | ErrorResponse |
Schemas
TokenResponse
{
"access_token": "76f22112-76f8-482b-a685-139b98029986",
"scope": "engagementcenterapi streamingapi",
"token_type": "Bearer",
"expires_in": 3599
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| access_token | string | false | none | none |
| scope | string | false | none | none |
| token_type | string | false | none | none |
| expires_in | integer | false | none | none |
ErrorResponse
{
"code": 0,
"message": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| code | integer | false | none | Error code |
| message | string | false | none | Error message. |