Getting Access and Authorization via OAuth Token:

How to get proper authorization via OAuth Access Tokens to call OPTT project API.

To receive access and work with the desired optt project API, you’ll need to obtain a valid access token which grants you a proper authorization for your request. This document describes all the required steps and information you’ll need to know. To begin, you must place this info in the header of all requests:

1- Request URL

https://gateway.optt.ca:8092/gateway/uaa/oauth/token

2- Request Method Type
POST
3- Input type
Query Parameter

A complete example of an API call:

https://gateway.optt.ca:8092/gateway/uaa/oauth/token?password=123456&username=institute&grant_type=yourpassword

Api Inputs:

Parameter Name

Parameter Type

Description

username

string

Username of the Requester

Password

string

Requester password

grant_type

string

Always put a password

Sample Response in JSON format:

{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDM2Njk1MDYsInVzZXJfbmFtZSI6Imluc3RpdHV0ZSIsImF1dGhvcml0aWVzIjpbIklOU1RJVFVURSJdLCJqdGkiOiI2NWJhNDFhNy05OThlLTQwZjEtYmUyYS1hMDI2YzYwZWQ3ZGQiLCJjbGllbnRfaWQiOiJvcHR0LTAyZWU3N2RjLWFjNDUtNDM0NC04MTdlLTE3Y2E1MmI1OGI1ZCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.LteUnSohWZOQNs9yTLnASVDdT1w1oZ6rJJYjFmx69x32_wpb7E_d5bsB0OFsBOXXLgSC0KHR2_W9uvETxZXJ_EfEQPtyDn2zpWCLnzyeup4cfNCGw9mQymgbxNuxXAJjFpw1E1s1gs7uWLZOk5aGVOW9qhVYP7LyuVB-AQVFKydJVb0SM6nJoyKWA95N3bysR8rh-q_PWMUU7ZNLSuXUnOBe9BiG0IJK0iN-fohJQdnR8FhA2aEirbdmHvlL2NVx57QyE7Q3QX5_-0DsFWQxuUhqgEsl_Ef3zB2BZUCymugodb-fuhw1fBDO0S_dPdLShz3ghGy1PeL3rUZsWyw5Uw”,
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJpbnN0aXR1dGUiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiYXRpIjoiNjViYTQxYTctOTk4ZS00MGYxLWJlMmEtYTAyNmM2MGVkN2RkIiwiZXhwIjoxNjAzNjY5NTA2LCJhdXRob3JpdGllcyI6WyJJTlNUSVRVVEUiXSwianRpIjoiZjQxNjJkYTUtZDlhMC00NjRkLWE1YTctNjkwNzI1NGRiNjYwIiwiY2xpZW50X2lkIjoib3B0dC0wMmVlNzdkYy1hYzQ1LTQzNDQtODE3ZS0xN2NhNTJiNThiNWQifQ.L3RuCnCBf1WYV1u9ini9VkbASdrZ0kzWBY6s7ybrasWtE1FxdvXJcBW36BSQ4BHYDjU4vzYb8KS0JmV9FeCwVUL7nF2Q5ytlYm6jbVTlTmdBMo7Kbc4xxF4XOG_qOT_tEgPv3jLzlK0XUFq_bZONF4Z_yHqQWZ0oV1aqj4oHv9hEKfnmsRihSgN3QG0twnl52hGPzUoO64CLXmmvg3iSGnZU2Ancit9Lqj4UXiaQGd2DjESngUwokAFzB3SwaUaa9idgDd-CiDA_-TyVV5qtO8toBi4YCfht8_1efwoAqw4TQ7knEEoqAxLPV5s7FPBp_FhOR6pnhkFKEEZolEkDPg",
"expires_in": 35999,
"scope": "read write",
"jti": "65ba41a7-998e-40f1-be2a-a026c60ed7dd"
}

Important Point:
It is better to save the service response in the client cache so that it can then read the token from the cache to call another API and put it in the header in next requests.

Second important point:
If the token mentioned in the service response time elapsed after the token expires, the token is no longer valid for the server.
To retrieve, you can use the API refresh token and receive a new valid token.