Authentication

Fixed header

All requests made to third party servers will have the same header in the following format:

name:value

Example:

x-api-key: ‘2345fghgh5vbt45fgfgf’

The name and value can be anything the client needs.

Oauth2 token

Riskline will first make a request to a third party server to fetch a token. That token will be used for all requests until the token expires, at which moment Riskline will request a new token.

Requesting token

POST https://clienturl.com/oauth2

Body: grant_type=’client_credentials’

Headers: ‘Authorization’: 'Basic base64encodedstring'

The base64encoded string represents the following:

clientid:clientsecret

The two values for clientid and clientsecret are provided by the client.

Response Code: 200

Body: access_token=tokengoeshere experies_in=3600

This header will be sent as follows on all requests:

‘Authorization’: ‘Bearer tokengoeshere’

Did this answer your question?