...

Note
The App is required to use TLS for any of the requests described below.

Access token validity & expiration

Access tokens obtained from VoipNow become valid as soon as they are received and can be used in API requests. Access tokens are only valid for 2 hours. After 2 hours, the access token expires and the App must request another token or refresh it.

...

The App redirects the user to the server authorization endpoint. The App must make an HTTP POST or GET request to the authorization endpoint located at https://<hostname>/oauth/authorize.php. When making the request, the header Content-Type must be set to application/x-www-form-urlencoded and the body must contain the Request Parameters listed in the table below:

| Name | Required | Description |
|---|---|---|
| response_type | Yes | Always set to code. |
| redirect_uri | Yes | URI where the system sends the response. Must be URL encoded if it's sent in the query parameters. |
| client_id | Yes | App Key as generated by the system at registration time. |
| state | Yes | Parameter to be used by the App to verify if the response received from the system is valid. From the point of view of the server, it does not matter how the state parameter is generated. Should be a random string of minimum 16 characters. |

The following example shows how to make a POST request to the authorization endpoint:

...

Note
We strongly advise you to send the state parameter in the request and to validate the response received from the system, rejecting it if the state does not correspond to the one initially sent.

...

The authorization code received has a lifetime of 10 minutes.

Step 5

The App must request an access token. Using the authorization code received in the previous step, the App must make an HTTP POST request to the token endpoint located at https://<hostname>/oauth/token.php. When making the request, the header Content-Type must be set to application/x-www-form-urlencoded and the body must contain the Request Parameters listed in the table below:

| Name | Required | Description |
|---|---|---|
| grant_type | Yes | Always set to authorization_code. |
| code | Yes | The code received in STEP 4. |
| redirect_uri | Yes | URI where the system returns the response. |
| client_id | Yes | App Key as generated by the system at registration time. |
| client_secret | Yes | App Secret as generated by the system at registration time. Can be missing if sent in the Authorization header. |

...

Note

Client authentication is performed as described in the OAuth standard: https://tools.ietf.org/html/rfc6749#section-2.3. This means that the client_id and client_secret parameters can be sent in the Authorization header or in the body of the request.

Step 6

The App receives the access token. Assuming that the code is still valid and the operation is successful, the App receives the following response:

HTTP Response

HTTP/1.1 200 OK
...

{
 "access_token":"1|5~2wKMPg9h~GExN3s01-7wX2XmLI_Xbz|1|1345716093|O_XQYdHR0P-xMvqbVsh_OwRH7GT4.FtR",
 "expires_in":7200,
 "token_type":"bearer",
 "refresh_token":"9_s2TBCQ1y.PPzVNXkT-Gff6tB9z_bqr"
}

...

  • access_token: Value of the access token. This value is used when making requests to APIs.
  • expires_in: Period of time, in seconds, during which the token is valid.
  • token_type: The type of the token. Only Bearer is possible.
  • refresh_token: Refresh token that can be used to regenerate the token once expired.
  • device_id: The ID of the device associated with the token.

 When the token expires, the App can use the refresh token to generate another access_token or repeat the steps described above.
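The authorization request, the state check and the token request from the steps above, as an added Python example (not VoipNow's own code). The hostname, App Key, App Secret and redirect URI are constructed placeholders, the callback parameter names code and state are assumed from RFC 6749, and the example picks one of the allowed options: credentials in a Basic Authorization header, with client_id also kept in the body.

```python
import base64
import hmac
import secrets
from urllib.parse import quote_plus, urlencode


def build_authorize_url(hostname, client_id, redirect_uri):
    """Return (url, state); the caller stores state in the user's session."""
    state = secrets.token_urlsafe(32)  # 43 characters, above the 16-character minimum
    query = urlencode({
        "response_type": "code",
        "redirect_uri": redirect_uri,  # urlencode() URL-encodes the value
        "client_id": client_id,
        "state": state,
    })
    return f"https://{hostname}/oauth/authorize.php?{query}", state


def code_from_callback(params, expected_state):
    """Return the authorization code only if state matches the one sent."""
    received = params.get("state", "")
    if not expected_state or not hmac.compare_digest(
            received.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the response")
    if "code" not in params:
        raise ValueError("no authorization code in response")
    return params["code"]


def build_token_request(hostname, code, redirect_uri, client_id, client_secret):
    """Return (url, headers, body) for the Step 5 POST; the secret stays out of the body."""
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    })
    return f"https://{hostname}/oauth/token.php", headers, body
```

The returned state must be kept server-side (for example in the user's session) and dropped after one comparison, so a replayed callback fails the check.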

...

Note

Client authentication is performed as described in the OAuth standard: https://tools.ietf.org/html/rfc6749#section-2.3. This means that the client_id and client_secret parameters can be sent in the Authorization header or in the body of the request.

...

Note

Client authentication is performed as described in the OAuth standard: https://tools.ietf.org/html/rfc6749#section-2.3. This means that the client_id and client_secret parameters can be sent in the Authorization header or in the body of the request.

...

At any time, the user can remove the authorization granted to the App following the recommendations in the Apps Management section.

...

Using an Access Token

When making requests using one of the APIs, you can make use of access tokens. For more details, check out the authentication section of the UnifiedAPI or SystemAPI documentation.
