request headers:
POST /oauth/token HTTP/1.1
Host: ( your API server host here, e.g. http://api.localhost:8080 )
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8
request body:
{ "client_id": "ushahidiui",
"client_secret": "35e7f0bca957836d05ca0492211b0ac707671261",
"grant_type": "password",
"username": "admin",
"password": "admin",
"scope": "posts media forms api tags savedsearches sets users stats layers config messages notifications contacts roles permissions csv dataproviders" }
which should give you a response like:
response body:
{ "access_token":"SrSAFFcWZXkhHuASUyJG2j2aCytzE1L3qzpEEjY7",
"token_type":"Bearer",
"expires":1466519207,
"expires_in":3600,
"refresh_token":"crxDIzabItL76J3FVr3Br9CVcRKbhEOzC397gLyY",
"refresh_token_expires_in":604800 }
You can authorize your further requests to the API (listing posts, creating posts, etc.) by using the access token (access_token) provided in the response. To do that, add an Authorization header to each of your API requests, using the access token that you've obtained. In our example, that header would be:
Authorization: bearer SrSAFFcWZXkhHuASUyJG2j2aCytzE1L3qzpEEjY7
When the access token is about to expire, you can get a new one by sending another request, very similar to the first one, changing only some of the fields. Instead of sending the username and password again, you use the refresh_token that you obtained in the first authentication request.
request headers:
POST /oauth/token HTTP/1.1
Host: ( your API server host here, e.g. http://api.localhost:8080 )
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8
request body:
{ "client_id": "ushahidiui",
"client_secret": "35e7f0bca957836d05ca0492211b0ac707671261",
"grant_type": "refresh_token",
"refresh_token": "crxDIzabItL76J3FVr3Br9CVcRKbhEOzC397gLyY" }
which should give you a response like:
response body:
{ "access_token":"HcswOL9C4P5Rif2XKhwayX0RbCdPXeudHRJxycMb",
"token_type":"Bearer",
"expires":1466526852,
"expires_in":3600}
You can keep refreshing the access token until the refresh token expires (7 days). Once the refresh token expires, you've got to log in again using the username and password credentials.
The values in the example are the values that are set up by default in any Ushahidi Platform installation. You may choose to change them (or even create a new pair) by connecting to your database and altering the contents of the oauth_clients table.