Authentication

Our APIs utilize the OAuth 2.0 framework for secure and seamless authentication. OAuth 2.0 provides various grant types to cater to different scenarios.

Here are the primary authentication endpoints that you can use to be authenticated before using any of our APIs

Client Credentials Grant

POST https://iam.ants.tech/oauth/token

The Client Credentials Grant API is designed for client applications to obtain an accessToken in the OAuth2.0 process before it could be able to make any other further requests to our APIs.

Headers

Name	Type	Description
Content-Type*	String	application/x-www-form-urlencoded

Name

Type

Description

Content-Type*

String

application/x-www-form-urlencoded

Request Body

Name Type Description

Name	Type	Description
grant_type*	String	Fixed value: `client_credentials`
client_id*	String	Your provided app Client ID. For example, `26156a86-b739-4c6b-9de2-314228c3e6e5`
client_secret*	String	Your provided app Client Secret. For example, `ECOTBQNP44IFPCVMQNSZ`
scope*	String	Your requested scope. Currently, our APIs support these 4 kinds of scope: - `item` To access our BO data - `event` To access our event data - `profile`To access our customer data - `promotion`To access our promotion data You can request multiple scopes by separating them by a comma.

grant_type*

String

Fixed value: client_credentials

client_id*

String

Your provided app Client ID. For example, 26156a86-b739-4c6b-9de2-314228c3e6e5

client_secret*

String

Your provided app Client Secret. For example, ECOTBQNP44IFPCVMQNSZ

scope*

String

Your requested scope. Currently, our APIs support these 4 kinds of scope:

- item To access our BO data

- event To access our event data

- profileTo access our customer data

- promotionTo access our promotion data

You can request multiple scopes by separating them by a comma.

{
    "accessToken": "5474r2x214z26484u2e4y4a403q5e4z5m4j4b403s526",
    "accessTokenExpiresAt": "2023-08-10T12:41:57.643Z",
    "scope": "item"
}

{
    "statusCode": 400,
    "status": 400,
    "code": 400,
    "message": "Invalid scope: Requested scope is invalid",
    "name": "invalid_scope"
}

Refresh Token Grant

POST https://iam.ants.tech/oauth/token

The Refresh Token grant is an OAuth 2.0 authentication flow that allows clients to obtain a new access token and optionally a new refresh token, using a refresh token that was previously issued. This grant type is useful to extend the validity of an access token without requiring the user to re-enter their credentials.

Headers

Name	Type	Description
Content-Type*	String	application/x-www-form-urlencoded

Name

Type

Description

Content-Type*

String

application/x-www-form-urlencoded

Request Body

Name Type Description

Name	Type	Description
refresh_token*	String	The refresh token obtained from a previous authorization grant. For example, eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Njg3NjQzMzUxNzEsImV4cCI6MTcwMDMwMDMzNTE3MX0.7gWYfhloKffgU5y7IS7WYZtFr601LPT7zeeeq7wfd0s
grant_type*	String	Fixed value: `refresh_token`
client_id*	String	Your provided app Client ID. For example, f512a40f-294c-4d32-a29b-868dbef40de7
client_secret*	String	Your provided app Client Secret. For example, 123123

refresh_token*

String

The refresh token obtained from a previous authorization grant. For example, eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Njg3NjQzMzUxNzEsImV4cCI6MTcwMDMwMDMzNTE3MX0.7gWYfhloKffgU5y7IS7WYZtFr601LPT7zeeeq7wfd0s

grant_type*

String

Fixed value: refresh_token

client_id*

String

Your provided app Client ID. For example, f512a40f-294c-4d32-a29b-868dbef40de7

client_secret*

String

Your provided app Client Secret. For example, 123123

PreviousPrerequisites NextProfile API

Last updated 1 year ago