This page describes the authorization process of third-party Apps with VoipNow.
...
Access tokens obtained from VoipNow become valid as soon as they are received and can be used in API requests. Access tokens are only valid for 1 hour. After 1 hour, the access token expires and the App must request another token or refresh it.
Obtain authorization
...
The App redirects the user to the server authorization endpoint. The App must make an HTTP POST or GET request to the authorization endpoint located at https://<hostname>/oauth/authorize.php. When making the request, the Content-Type header must be set to application/x-www-form-urlencoded and the body must contain the Request Parameters listed in the table below:
Name | Required | Description |
---|---|---|
response_type | Yes | Always set to code. |
redirect_uri | Yes | URI where the system sends the response. Must be URL encoded if it's sent in the query parameters. |
client_id | Yes | App Key as generated by the system at registration time. |
state | Yes | Parameter used by the App to verify that the response received from the system is valid. Should be a random string of at least 16 characters. |
The following example shows how to make a POST request to the authorization endpoint:
...
The App must request an access token. Using the authorization code received in the previous step, the App must make an HTTP POST request to the token endpoint located at https://<hostname>/oauth/token.php. When making the request, the Content-Type header must be set to application/x-www-form-urlencoded and the body must contain the Request Parameters listed in the table below:
Name | Required | Description |
---|---|---|
grant_type | Yes | Always set to authorization_code. |
code | Yes | The code received in STEP 4. |
redirect_uri | Yes | URI where the system returns the response. |
client_id | Yes | App Key as generated by the system at registration time. |
client_secret | Yes | App Secret as generated by the system at registration time. Can be missing if sent in the Authorization header. |
The following example shows how to make a POST request to the token endpoint:
...
```
HTTP 1.1 200 OK
...
{
  "access_token":"1|5~2wKMPg9h~GExN3s01-7wX2XmLI_Xbz|1|1345716093|O_XQYdHR0P-xMvqbVsh_OwRH7GT4.FtR",
  "expires_in":3600,
  "token_type":"bearer",
  "refresh_token":"9_s2TBCQ1y.PPzVNXkT-Gff6tB9z_bqr"
}
```
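The authorization-code exchange described above, sketched end to end as an added example (not code from VoipNow or from this page). The function names, the `.test` hostnames and the credentials are hypothetical, and sending the App Secret as HTTP Basic credentials follows RFC 6749 section 2.3.1, which is an assumption about the header form.

```python
import base64, hmac, json, secrets
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

def build_authorize_url(hostname, client_id, redirect_uri):
    """Return (url, state) for a GET to the authorization endpoint."""
    state = secrets.token_urlsafe(24)  # 32 chars, above the 16-character minimum
    query = urlencode({"response_type": "code", "redirect_uri": redirect_uri,
                       "client_id": client_id, "state": state})
    return f"https://{hostname}/oauth/authorize.php?{query}", state

def code_from_callback(params, expected_state):
    """Return the authorization code only if the echoed state matches ours."""
    got = params.get("state", "")
    # Constant-time comparison against the value stored for this user session.
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"]

def build_token_request(hostname, code, redirect_uri, client_id, client_secret):
    """Build (but do not send) the POST to the token endpoint."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": client_id}).encode()
    # Assumption: secret sent as HTTP Basic credentials (RFC 6749 section 2.3.1),
    # so it stays out of the form body.
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    return Request(f"https://{hostname}/oauth/token.php", data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded",
                            "Authorization": "Basic " + base64.b64encode(creds).decode()})

def parse_token_response(raw, now):
    """Return (access_token, refresh_token, expiry_epoch) from the token JSON."""
    tok = json.loads(raw)
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return tok["access_token"], tok.get("refresh_token"), now + int(tok["expires_in"])
```

Store the returned `state` server-side with the user's session before redirecting, and pass the request object to `urllib.request.urlopen` only after `code_from_callback` has accepted the callback.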
...
The App requests an access_token. It makes an HTTP POST request to the token endpoint located at https://<hostname>/oauth/token.php. The parameters are sent in the request body in application/x-www-form-urlencoded format. The Request Parameters are listed in the table below:
Name | Required | Description |
---|---|---|
grant_type | Yes | Always set to client_credentials. |
client_id | Yes | App Key as generated by the system at registration time. |
client_secret | Yes | App Secret as generated by the system at registration time. Can be missing if it's sent in the Authorization header. |
Note: Client authentication is performed as described in the OAuth standard: https://tools.ietf.org/html/rfc6749#section-2.3. This means that the client_id and client_secret parameters can be sent in the Authorization header or in the body of the request.
...
The App requests an access_token. It makes an HTTP POST request to the token endpoint located at https://<hostname>/oauth/token.php. The parameters are sent in the request body in application/x-www-form-urlencoded format. The Request Parameters are listed in the table below:
Name | Required | Description |
---|---|---|
grant_type | Yes | Always set to refresh_token. |
client_id | Yes | App Key as generated by the system at registration time. |
client_secret | Yes | App Secret as generated by the system at registration time. Can be missing if it's sent in the Authorization header. |
refresh_token | Yes | The refresh token received in STEP 6 (The Request User Permission Section). |
Note: Client authentication is performed as described in the OAuth standard: https://tools.ietf.org/html/rfc6749#section-2.3. This means that the client_id and client_secret parameters can be sent in the Authorization header or in the body of the request.
...
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.