Authenticate via the http://contactclientcredentials method
Use case
The http://contactclientcredentials method is strictly limited to server-to-server calls.
Authentication steps
The http://contactclientcredentials method provides identified access without requiring approval from an end user. Unlike client_credentials, this method is therefore nominative (tied to a named user).
Since it does not validate a username and password combination, this method is limited to use cases where the third party (your application) can securely protect the application’s registration data.
Here are the general steps:
- Step 1: You provide the information related to the application registration and the user.
- Step 2: You receive an access token.
Step 1: Provide the application credentials and user information
Make a POST request to https://{api_base_url}/{client_token}/oauth/v2/token with the following parameters:
| parameter | location | description |
|---|---|---|
| api_base_url | Query | The API URL you want to use. This varies depending on the integration or production environment |
| client_token | Query | The unique Resamania identifier of the club chain, called client_token |
| grant_type | Body | The method name, which must be set to "http://contactclientcredentials" |
| client_id | Body | The identifier, called client_id, that each registered application has with the OAuth server |
| client_secret | Body | The secret string, called client_secret, that each registered application has with the OAuth server |
| email | Body | The email of the club member on whose behalf you want to connect |
Example request
```bash
curl --location 'https://{api_base_url}/{client_token}/oauth/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'x-gravitee-api-key: c803xxx-yyyy-zzz-xxxx-f635b354435a' \
--data-urlencode 'client_id=123_xxxxxxxxxxxxxxxxx' \
--data-urlencode 'client_secret=******************' \
--data-urlencode 'grant_type=http://contactclientcredentials' \
--data-urlencode 'email={email}'
```
Step 2: Receive the access token
The OAuth server API will return the following information in response:
```json5
{
  "access_token":"{access_token}",
  "expires_in":{expires_in},
  "token_type":"bearer",
  "scope":{scope},
  "refresh_token":"{refresh_token}"
}
```
| parameter | description |
|---|---|
| access_token | The JWT token required for any request to the Resamania API |
| expires_in | The validity duration in seconds of the access token |
| token_type | The type of access token, which for Resamania is always Bearer |
| scope | The specific scope(s) linked to the access token |
| refresh_token | The new token to refresh access |
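The two steps above as a server-side client, added here as an example and not Resamania's own code: it sends the form-encoded request, validates the response, and caches each member's token until shortly before `expires_in` elapses. The class name, the injectable `send` and `clock` parameters, the per-email cache and the 30-second renewal margin are assumptions made for this example.

```python
import json
import time
import urllib.parse
import urllib.request


class ContactTokenClient:
    """Hypothetical server-side helper for the http://contactclientcredentials grant."""

    GRANT = "http://contactclientcredentials"

    def __init__(self, api_base_url, client_token, client_id, client_secret,
                 api_key=None, send=None, clock=time.time):
        self.url = f"https://{api_base_url}/{client_token}/oauth/v2/token"
        self._id, self._secret, self._api_key = client_id, client_secret, api_key
        self._send = send or self._http_post  # injectable transport (assumption)
        self._clock = clock
        self._cache = {}  # email -> (access_token, expires_at)

    def __repr__(self):
        # Keep client_secret and the API key out of logs and tracebacks.
        return f"ContactTokenClient(url={self.url!r}, client_id={self._id!r})"

    def form_body(self, email):
        # Credentials travel in the urlencoded body, never in the URL.
        return urllib.parse.urlencode({
            "grant_type": self.GRANT, "client_id": self._id,
            "client_secret": self._secret, "email": email}).encode()

    def _http_post(self, url, body):
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        if self._api_key:
            headers["x-gravitee-api-key"] = self._api_key
        req = urllib.request.Request(url, data=body, headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()

    def token_for(self, email, skew=30):
        """Return a cached token for this member, renewing it `skew` seconds early."""
        cached = self._cache.get(email)
        if cached and cached[1] - skew > self._clock():
            return cached[0]
        data = json.loads(self._send(self.url, self.form_body(email)))
        if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
            raise ValueError("unexpected token response")
        self._cache[email] = (data["access_token"],
                              self._clock() + int(data["expires_in"]))
        return data["access_token"]
```

Load `client_secret` from the environment or a secret manager rather than from source code, since this grant relies entirely on the application keeping its registration data protected.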