Authentication
Introduction
OAuth 2 is an authorization framework that enables applications to connect to APIs using tokens and access grants. GiftDeals uses Client Credentials as an authentication scheme. This allows our partners direct access to the resources without a delegation step.
Client Credentials are meant to be used on secure backends
Please only use this API on a trusted machine that you control. This is not meant for mobile or untrusted machines as the client credentials can be used to obtain the access token.
For a more in-depth overview of OAuth2 please read the following article.
Access Tokens
To use the GiftDeals API, your app must send an OAuth2 access token in an Authorization header with each request. The Authorization header identifies the account and carries the token used to access the resources.
Access Flow
Obtain the access token
First, make a request to '''api-auth-GiftDeals.com/oauth2/token''' (production), using your username as the '''client_id''' and your password as the '''client_secret'''. The examples below target the sandbox.
curl -X POST \
  https://api-auth-sandbox.GiftDeals.com/oauth2/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'cache-control: no-cache' \
  -d 'grant_type=client_credentials&client_id=CLIENT_ID_REPLACE_ME&client_secret=CLIENT_SECRET_REPLACE_ME'
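
const axios = require("axios");
const qs = require("qs");
const chalk = require("chalk");

// Assumption: successChalk and failChalk are not defined on this page;
// plain chalk colours are used for them here.
const successChalk = chalk.green;
const failChalk = chalk.red;

async function getAccessToken() {
  let authenticationUrl = "https://api-auth-sandbox.cardpool.com/oauth2/token";
  let clientId = "CLIENT_ID_REPLACE_ME";
  let clientSecret = "CLIENT_SECRET_REPLACE_ME";
  // HTTP Basic credentials: base64("client_id:client_secret")
  let buffer = Buffer.from(clientId + ":" + clientSecret);
  let base64client = buffer.toString('base64');
  let token = null;
  console.log("Attempting authentication...");
  await axios
    .post(
      authenticationUrl,
      qs.stringify({
        grant_type: "client_credentials",
        scope: "api.cardpool.com/exchange/sandbox/full-access",
        client_id: clientId
      }),
      {
        headers: {
          Accept: "application/json",
          Authorization: "Basic " + base64client
        }
      }
    )
    .then(response => {
      token = response.data.access_token;
      console.log(successChalk("Authentication successful"));
    })
    .catch(function (error) {
      console.log(failChalk("Authentication failed"));
      // Log only the status or message: the full axios error object carries the
      // request config, including the Authorization header built above.
      console.log(error.response ? error.response.status : error.message);
    });
  // null when authentication failed
  return token;
}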

HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token": "eyJraWQiOiJDV1ZMQnVxK2oyNjJmZmI2WjFmcktaQ2MxQUN2SVR0M0FhTmlzYWlMamNFPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI1M2IwczNhdWtzN2c5YWFtZGcxNms2dGc3ZyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXBpLmNhcmRwb29sLmNvbVwvZXhjaGFuZ2VcL3NhbmRib3hcL2Z1bGwtYWNjZXNzIiwiYXV0aF90aW1lIjoxNTcwMTM0MDI5LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9acjRMY3ZBYVIiLCJleHAiOjE1NzAxMzc2MjksImlhdCI6MTU3MDEzNDAyOSwidmVyc2lvbiI6MiwianRpIjoiZGM4NmJkOGQtZGY5Ni00ZjFiLWExZGYtYTM2NmY0NGEwMTQxIiwiY2xpZW50X2lkIjoiNTNiMHMzYXVrczdnOWFhbWRnMTZrNnRnN2cifQ.HIkP5ye3Z_7VLYf7U2i9-hOMXkpgBQlv19qeGUXXSwCnWhLdz0xbJnA4Q4t9uTokciiJ-Lf4sE_7Na3TX0VYKMTXhdyiHlC1RZBLRn509vmb24v0BCQbp1FTuAGYH2g7MFU-TMURp5p7nlMA2UoItTkPROgN2xeeUzUBZ1LVKqFqiG4ODgFessCap1wh6K_VRfKfEroYDyf5pG55ccP2FG4X9JsmAxXmbELrFsHC18DgMcbU2oBV09b4gEicIXKTqgBqsD5uvd7-Eijc4uwCrP3MLVlMCCJVwFfXmTTDK99LZDoNi5TZ3GKSdC7BBembtSCeZjROWrsTeMkxXUBIdg",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Use the access token to make requests
When making requests, provide the returned '''access_token''' in the Authorization header, in the form '''Authorization: Bearer <access_token>'''.
For example, here is how to call the Heartbeat endpoint:
curl --include -X GET -H 'Authorization: Bearer <access_token>' \
  -H 'requestid: 123' \
  -H 'x-api-key: CHANGEME' \
  'https://api-sandbox.GiftDeals.com/exchange/v3/heartbeat'
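
The two steps above combined, as an added example that is not GiftDeals code: a cache that reuses the token for its '''expires_in''' lifetime and sends a single token request when several callers need a fresh one at once. TokenCache, createTokenProvider, fetchToken and the 60-second refresh margin are assumptions made for this sketch.

```javascript
// Added example, not part of the GiftDeals documentation.
// TokenCache, createTokenProvider and fetchToken are hypothetical names.
class TokenCache {
  constructor(skewSeconds = 60) {
    this.skewMs = skewSeconds * 1000; // refresh this long before the real expiry
    this.token = null;
    this.expiresAtMs = 0;
  }

  // Validate a token endpoint response body and remember it; returns the token.
  store(body, nowMs) {
    if (!body || typeof body.access_token !== "string" || body.access_token === "") {
      throw new Error("token response has no access_token");
    }
    if (String(body.token_type).toLowerCase() !== "bearer") {
      throw new Error("unexpected token_type");
    }
    if (!Number.isFinite(body.expires_in) || body.expires_in <= 0) {
      throw new Error("token response has no usable expires_in");
    }
    this.token = body.access_token;
    this.expiresAtMs = nowMs + body.expires_in * 1000;
    return this.token;
  }

  // Cached token, or null when absent or inside the refresh margin.
  get(nowMs) {
    return this.token !== null && nowMs < this.expiresAtMs - this.skewMs ? this.token : null;
  }

  clear() { this.token = null; this.expiresAtMs = 0; } // e.g. after the API rejects the token
}

// fetchToken: async function that POSTs to /oauth2/token and resolves to the parsed JSON body.
function createTokenProvider(fetchToken, cache = new TokenCache(), now = Date.now) {
  let inFlight = null; // shared by concurrent callers so only one token request is sent
  return async function authorizationHeader() {
    const cached = cache.get(now());
    if (cached !== null) return "Bearer " + cached;
    if (inFlight === null) {
      inFlight = Promise.resolve()
        .then(fetchToken)
        .then((body) => cache.store(body, now()))
        .finally(() => { inFlight = null; }); // a failed request is not cached
    }
    return "Bearer " + (await inFlight);
  };
}
```

The function returned by createTokenProvider resolves to the value for the Authorization header of each API request; the client secret is only touched inside fetchToken.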
Updated about 4 years ago
