Authorization
The API uses OAuth standards for the highest level of security. OAuth ensures that only approved users and programs can access particular resources, protecting the confidentiality and integrity of data.
Note
All dynamic values that are required to make the API calls in the Authorization
section, and that are provided by RANE, are listed explicitly in the
respective Request Formatter.
Get Access Token
An access token is a discrete, irrevocable, secure string of characters that acts as a digital key. After a successful authentication process, it is often granted to users or apps and is used to access restricted resources, services, or data inside of an application or API. Access tokens are essential for maintaining controlled and secure access to particular functionality while safeguarding sensitive user data.
Request
Method : POST
curl --location '<replace-with-auth-host>/realms/<realm>/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'username=<username>' \
--data-urlencode 'password=<password>'
Request Formatter
client_id : unique identifier assigned to a client application that wants to request access tokens and authenticate users (will be provided by RANE during onboarding)
username : username for a specific user (will be provided by RANE during onboarding)
password : password for that user (will be provided by RANE during onboarding)
Response
{
"access_token": "<access_token>",
"expires_in": 300,
"refresh_expires_in": 2592000,
"refresh_token": "<refresh_token>",
"token_type": "Bearer",
"not-before-policy": 1695371695,
"session_state": "baad0936-d376-4226-9f73-c8d7246acfc6",
"scope": "microprofile-jwt profile email offline_access"
}
Response Formatter
access_token : The access token returned in the response; the API validates it to authorize user access.
expires_in : Length of time for which the access token is valid.
refresh_token : The token that can be used to request a new access token (store it securely; it is needed for subsequent requests).
refresh_expires_in : Length of time for which the refresh token is valid (longer than the access token's lifetime).
Refresh Token
A refresh token is a durable credential that can be used to get a new access token after the first access token expires. It enables continued access to secured resources without forcing the user to repeatedly provide their login information. To increase the security and usability of authentication systems, refresh tokens are stored securely and then exchanged for new access tokens.
Request
Method : POST
curl --location '<replace-with-auth-host>/realms/<realm>/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'refresh_token=<current_refresh_token>' \
--data-urlencode 'scope=openid'
Request Formatter
client_id : unique identifier assigned to a client application that wants to request access tokens and authenticate users (will be provided by RANE during onboarding)
refresh_token : refresh token provided on first access token request
Response
{
"access_token": "{{access_token}}",
"expires_in": 300,
"refresh_expires_in": 2592000,
"refresh_token": "{{refresh_token}}",
"token_type": "Bearer",
"not-before-policy": 1695371695,
"session_state": "baad0936-d376-4226-9f73-c8d7246acfc6",
"scope": "microprofile-jwt profile email offline_access"
}
Response Formatter
access_token : The access token returned in the response; the API validates it to authorize user access.
expires_in : Length of time for which the access token is valid.
refresh_token : The token that can be used to request a new access token.
refresh_expires_in : Length of time for which the refresh token is valid (longer than the access token's lifetime).
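The two requests above combined into a token cache, as an added example (not RANE's own code): it obtains a token with the password grant, reuses it until shortly before expires_in elapses, then exchanges the stored refresh token, and falls back to the password grant once the refresh token has expired too. TokenManager, http_post_form and the 30-second skew are hypothetical names and values; both lifetimes are assumed to be in seconds.

```python
import json
import time
import urllib.parse
import urllib.request


def http_post_form(url, form):
    """POST form-encoded fields to the token endpoint and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Hypothetical helper (not part of the API): keeps a valid access token."""

    def __init__(self, token_url, client_id, username, password,
                 post=http_post_form, clock=time.monotonic, skew=30):
        self.token_url, self.client_id = token_url, client_id
        self._username, self._password = username, password
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, reply):
        now = self._clock()
        # Each reply carries a new refresh token; always keep the latest one.
        self._access, self._refresh = reply["access_token"], reply["refresh_token"]
        # Assumption: both lifetimes are in seconds; renew `skew` seconds early.
        self._access_exp = now + reply["expires_in"] - self._skew
        self._refresh_exp = now + reply["refresh_expires_in"] - self._skew

    def access_token(self):
        now = self._clock()
        if self._access and now < self._access_exp:
            return self._access  # cached token is still valid
        if self._refresh and now < self._refresh_exp:
            form = {"grant_type": "refresh_token", "client_id": self.client_id,
                    "refresh_token": self._refresh, "scope": "openid"}
        else:  # first call, or the refresh token has expired as well
            form = {"grant_type": "password", "client_id": self.client_id,
                    "username": self._username, "password": self._password}
        self._store(self._post(self.token_url, form))
        return self._access
```

The tokens live only in process memory here, and the password is sent only on the first call and after the refresh token has expired.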