API Authentication

OKQ8 supports OAuth2 with the Client Credentials flow. Each client has a client_id and a client_secret which, along with parameters specifying the limited scope, are sent to the API via POST to receive an access token that is used for subsequent calls.

OAuth 2.0 token endpoint - https://login.microsoftonline.com/a53d724c-15ea-4469-a987-82a5b30ec167/oauth2/v2.0/token

The scope is the API name that OKQ8 has assigned to each API, followed by a specific access level, for example: api://apim-xxxxx-xxxxx-api/.default

(.default specifies the default access level; other access levels may be get, post, put, delete)

DEMO REQUEST: Authentication

curl -X POST 'https://login.microsoftonline.com/a53d724c-15ea-4469-a987-82a5b30ec167/oauth2/v2.0/token' -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=xxxxxxxx-xxxx-xxxx-xxxxxx-xxxxxxxxxx&client_secret=xxxxxxxxxxxxxxxxxxxxxxx&scope=api%3A%2F%2Fapim-xxxxx-xxxxx-api%2F.default'

DEMO RESPONSE: Authentication

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 6abfe8d2-a2b6-4a4e-b0a9-f6a97ddf9f00
x-ms-ests-server: 2.1.11898.12 - NEULR2 ProdSlices
Set-Cookie: fpc=AhnzB1NSHFVHqPNvtbC5udiBKrogAQAAAGKxmdgOAAAA; expires=Wed, 01-Sep-2021 09:26:59 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Mon, 02 Aug 2021 09:26:59 GMT
Content-Length: 1236

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBP..."}

An access_token is valid for one (1) hour.

A new access_token can be requested at any time. If a request to the API is issued with an invalid access_token, an HTTP response with status 401 is returned, such as HTTP/1.1 401 Unauthorized. With a valid access_token, requests to the API can be made as in the example below.

Note: Client Credentials and Access Tokens need to be treated securely. They are how you securely identify your application's rights and identity when accessing the OKQ8 API. Do not distribute Client Credentials or Access Tokens in email, distributed native applications, client-side JavaScript, or public code repositories.

Example request with access_token

curl -i -X GET -H "Authorization: Bearer <access_token>" <api-url-to-object>
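
The token handling described above, as an added Python example that is not OKQ8's own code: it posts the client-credentials form, keeps the token in memory until shortly before expires_in elapses, and drops it after a 401 so a new one is requested. The environment variable names, the 60-second renewal margin, and the function and class names are assumptions.

```python
import json, os, time, urllib.parse, urllib.request

# Token endpoint as given on this page.
TOKEN_URL = ("https://login.microsoftonline.com/"
             "a53d724c-15ea-4469-a987-82a5b30ec167/oauth2/v2.0/token")

def fetch_token(client_id, client_secret, scope):
    """POST the client-credentials form and return the parsed JSON response."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=form, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hold one access token in memory and renew it shortly before expiry."""

    def __init__(self, fetch, clock=time.monotonic, margin=60):
        # fetch: zero-argument callable returning the token response as a dict
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"]) - self._margin
        return self._token

    def invalidate(self):
        """Call after a 401 so the next get() requests a fresh token."""
        self._token = None

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

def cache_from_env():
    """Credentials come from the environment, never from source code.
    OKQ8_CLIENT_ID, OKQ8_CLIENT_SECRET and OKQ8_SCOPE are assumed names."""
    env = os.environ
    return TokenCache(lambda: fetch_token(
        env["OKQ8_CLIENT_ID"], env["OKQ8_CLIENT_SECRET"], env["OKQ8_SCOPE"]))
```

Keeping the secret and token out of logs, command-line arguments and files follows the note above; the cache never writes either to disk.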

Please send an email to integration@okq8.se to obtain the required clientId and clientSecret.