Introduction

Credentials are checked once with OAuth2 (https://oauth.net/2/), and the client is granted an authentication token that must be passed with subsequent calls to the API.

The API supports different types of credentials:

  • ClientCredentials,
  • DeviceCredentials,
  • ApplicationUserCredentials.

OAuth*Credentials are used to provide grant/flow-specific credentials. Depending on the credentials used to authenticate, the generated token will be associated with different privileges. If multiple credentials are needed to support a use case, the appropriate token can be generated and regenerated before the calls that require it.

OAuth2

"OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.[1] This mechanism is used by companies such as Amazon[2], Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites.

Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server." [2018-03-02, https://en.wikipedia.org/wiki/OAuth]

Types of credentials

Parameters

Request

| Name | Description | Type | Possible value | Used in |
|---|---|---|---|---|
| grant_type | Type of credentials | string | appuser \| device \| client_credentials \| refresh_token | (appuser \| device \| client_credentials \| refresh_token) |
| client_id | Client identifier | string | hexadecimal value or key | (appuser \| device \| client_credentials \| refresh_token) |
| client_secret | Client secret | string | hexadecimal value or key | (appuser \| device \| client_credentials \| refresh_token) |
| username | User identifier | string | | (appuser) |
| password | User password | string | | (appuser) |
| device | Identifier of device from which user is connecting | string | | (appuser) |
| deviceinfo[name] | Name of device from which user is connecting | string | | (appuser) |
| uuid | Unique, universal identifier of device | string | /vendor/unknown/cashier/dotnettest1 | (device) |
| refresh_token | Refresh token | string | 282dad801f0ab7eecc072c25d425bc3f | (refresh_token) |

Response

| Name | Description | Type | Possible value |
|---|---|---|---|
| access_token | Authentication token, use as is | string | hexadecimal value |
| expires_in | Seconds to expiration of token | integer | 1200 |
| token_type | Token type | string | bearer |
| scope | URL from which token is valid | string | https://scope.secucard.com/e/api |

Error

| Name | Description | Type | Possible value |
|---|---|---|---|
| error | Error class | string | invalid_client |
| error_description | Error textual description | string | The client credentials are invalid |
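
The following Python sketch is an added example, not code from this documentation or from any secucard SDK. It builds a token request that carries only the parameters the request table lists for the chosen grant_type, and turns the response or error fields into a header and a refresh time. Assumptions: form-encoded request body and JSON response (the usual OAuth2 conventions), an "Authorization: Bearer" header, the REQUIRED sets, and the 30-second skew; the token endpoint URL is not given on this page and is not used.

```python
import json
import time
from urllib.parse import urlencode

# "Used in" column of the request table: parameters each grant_type accepts
# in addition to the common client_id / client_secret.
GRANT_PARAMS = {
    "client_credentials": set(),
    "appuser": {"username", "password", "device", "deviceinfo[name]"},
    "device": {"uuid"},
    "refresh_token": {"refresh_token"},
}
# Assumption: these are mandatory; the page lists usage, not optionality.
REQUIRED = {"appuser": {"username", "password"}, "device": {"uuid"},
            "refresh_token": {"refresh_token"}, "client_credentials": set()}


class TokenError(Exception):
    """Raised for an error response (fields: error, error_description)."""


def build_token_request(grant_type, client_id, client_secret, **extra):
    """Return the form-encoded body for a token request, or raise ValueError."""
    if grant_type not in GRANT_PARAMS:
        raise ValueError(f"unknown grant_type: {grant_type}")
    unexpected = set(extra) - GRANT_PARAMS[grant_type]
    if unexpected:  # e.g. a user password sent with a client_credentials grant
        raise ValueError(f"not used by {grant_type}: {sorted(unexpected)}")
    missing = REQUIRED[grant_type] - set(extra)
    if missing:
        raise ValueError(f"missing for {grant_type}: {sorted(missing)}")
    fields = {"grant_type": grant_type, "client_id": client_id,
              "client_secret": client_secret, **extra}
    return urlencode(fields)  # send in the POST body, never in the query string


def parse_token_response(body, now=None, skew=30):
    """Parse a JSON token response; return (auth_header, refresh_after_epoch)."""
    data = json.loads(body)
    if "error" in data:
        raise TokenError(f"{data['error']}: {data.get('error_description', '')}")
    if data.get("token_type", "").lower() != "bearer":
        raise TokenError(f"unsupported token_type: {data.get('token_type')!r}")
    now = time.time() if now is None else now
    # Regenerate the token shortly before expires_in seconds have elapsed.
    refresh_after = now + int(data["expires_in"]) - skew
    return {"Authorization": f"Bearer {data['access_token']}"}, refresh_after
```

Parameter names containing brackets are passed as `**{"deviceinfo[name]": "..."}`. Keep the encoded body and the returned header out of logs, since both carry secrets.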