{"id":9991,"date":"2024-06-10T10:59:09","date_gmt":"2024-06-10T10:59:09","guid":{"rendered":"https:\/\/www.purewl.com\/developer\/docs\/api-reference\/api-reference\/api-access-authentication\/"},"modified":"2025-02-19T10:25:09","modified_gmt":"2025-02-19T10:25:09","slug":"api-access-authentication","status":"publish","type":"docs","link":"https:\/\/www.purewl.com\/developer\/guides\/api\/api-reference\/api-access-authentication\/","title":{"rendered":"API Access Authentication"},"content":{"rendered":"\n<p><strong>An access token is a bearer token issued by an authorization server to a client application.<\/strong> It represents the authorization granted to the client to access specific resources or perform actions on behalf of the resource owner.<\/p>\n\n\n\n<p><strong>Key Characteristics:<\/strong><\/p>\n\n\n\n<ul>\n<li><strong>Short-lived:<\/strong> Access tokens typically have a limited lifespan to enhance security.<\/li>\n\n\n\n<li><strong>Bearer Token:<\/strong> This means the client presents the access token in the authorization header of requests to protected resources.<\/li>\n\n\n\n<li><strong>Scope-based:<\/strong> Access tokens often incorporate scopes, defining the specific permissions granted to the client.<\/li>\n\n\n\n<li><strong>Secret:<\/strong> Access tokens should be treated as secret and never exposed to the end-user.<\/li>\n<\/ul>\n\n\n\n<p><strong>Purpose:<\/strong><\/p>\n\n\n\n<ul>\n<li><strong>Authorization:<\/strong> Validates the client&#8217;s identity and permissions for accessing protected resources.<\/li>\n\n\n\n<li><strong>Delegation:<\/strong> This enables the client to act on behalf of the resource owner.<\/li>\n\n\n\n<li><strong>Security:<\/strong> Protects resources from unauthorized access.<\/li>\n<\/ul>\n\n\n\n<p><strong>Additional Notes:<\/strong><\/p>\n\n\n\n<ul>\n<li>Access tokens are often used in conjunction with refresh tokens to obtain new access tokens when they expire.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">Get Access Token<\/h3>\n\n\n\n<p>Get an Access Token by utilising an authorised Secret Key. The API will return the Access Token along with its expiry and Refresh Token.<\/p>\n\n\n\n<p>To obtain a renewed access token after the expiry, initiate the same API call using a valid Refresh Token.<\/p>\n\n\n\n<ul>\n<li><strong>URL:&nbsp;<\/strong>&lt;base url&gt;\/auth\/v1\/accessToken<\/li>\n\n\n\n<li><strong>Request Method:&nbsp;<\/strong>POST<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Payload<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table is-style-regular\"><table><thead><tr><th class=\"has-text-align-left\" data-align=\"left\"><strong>Key<\/strong><\/th><th><strong>Type<\/strong><\/th><th><strong>Pass in<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>Description<\/strong><\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>secretKey<\/code>*<\/td><td>String<\/td><td>Body<\/td><td class=\"has-text-align-left\" data-align=\"left\">Refresh Token provided in the previous call of \u201caccessToken\u201d made with grant type <strong>secret<\/strong><br>Mandatory if <code>grantType<\/code> is <strong>refresh<\/strong><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>refreshToken<\/code><\/td><td>String<\/td><td>Body<\/td><td class=\"has-text-align-left\" data-align=\"left\">Refresh Token provided in the previous call of \u201caccessToken\u201d made with grant type <strong>secret<\/strong><br>Mandatory if <code>grantType<\/code> is <strong>refresh<\/strong><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>grantType<\/code>*<\/td><td>String<\/td><td>Body<\/td><td class=\"has-text-align-left\" data-align=\"left\">Identifies the medium through which the accessToken will be granted<br>Possible mediums are:&nbsp;<strong>secret | refresh<\/strong><\/td><\/tr><\/tbody><\/table><figcaption 
class=\"wp-element-caption\">(*) Required Parameter<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Response<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th class=\"has-text-align-left\" data-align=\"left\">Key<\/th><th class=\"has-text-align-left\" data-align=\"left\">Type<\/th><th class=\"has-text-align-left\" data-align=\"left\">Description<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>header<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">JSON<\/td><td class=\"has-text-align-left\" data-align=\"left\">JSON object that describes the return code and message.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>body<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">JSON<\/td><td class=\"has-text-align-left\" data-align=\"left\">JSON object that returns access token, refresh token, expiry (in seconds), and reseller ID.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>accessToken<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">String<\/td><td class=\"has-text-align-left\" data-align=\"left\">This will be used in the header (X-AccessToken) for authentication of APIs.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>refreshToken<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">String<\/td><td class=\"has-text-align-left\" data-align=\"left\">This will be used in the next accessToken call with the refreshToken and <code>grantType<\/code> set to <strong>refresh<\/strong>.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>expiry<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">int<\/td><td class=\"has-text-align-left\" data-align=\"left\">This is the number of seconds for which the accessToken is valid.<\/td><\/tr><tr><td class=\"has-text-align-left\" 
data-align=\"left\"><code>resellerId<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">int<\/td><td class=\"has-text-align-left\" data-align=\"left\">This is the partner account ID.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>resellerUid<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">String<\/td><td class=\"has-text-align-left\" data-align=\"left\">This is the unique identifier of the partner account.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism off-numbers lang-bash\" data-lang=\"Bash\"><code># POST \/auth\/v1\/accessToken\n\ncurl &#39;https:\/\/atomapi.com\/auth\/v1\/accessToken&#39; \\\n  --header &#39;Content-Type: application\/x-www-form-urlencoded&#39; \\\n  --header &#39;Accept: application\/json&#39; \\\n  -d &#39;secretKey=SECRET_KEY_GOES_HERE&grantType=secret&#39;<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Sample Response<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism off-numbers lang-json\" data-lang=\"JSON\"><code>{\n  &quot;header&quot;: {\n    &quot;code&quot;: 1,\n    &quot;message&quot;: &quot;success&quot;,\n    &quot;response_code&quot;: 1\n  },\n  &quot;body&quot;: {\n    &quot;accessToken&quot;: &quot;xxxxxxxx&quot;,\n    &quot;refreshToken&quot;: &quot;xxxxxxxx&quot;,\n    &quot;expiry&quot;: xxxxxxxx,\n    &quot;resellerId&quot;: &quot;xxxxxxxx&quot;,\n    &quot;resellerUid&quot;: &quot;xxxxxxxx&quot;\n  }\n}<\/code><\/pre><\/div>\n","protected":false},"excerpt":{"rendered":"<p>An access token is a bearer token issued by an authorization server to a client application. It represents the authorization granted to the client to access specific resources or perform actions on behalf of the resource owner. Key Characteristics: Purpose: Additional Notes: Get Access Token Get an Access Token by utilising an authorised Secret Key. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":9987,"menu_order":1,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/docs\/9991"}],"collection":[{"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/comments?post=9991"}],"version-history":[{"count":32,"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/docs\/9991\/revisions"}],"predecessor-version":[{"id":10707,"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/docs\/9991\/revisions\/10707"}],"up":[{"embeddable":true,"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/docs\/9987"}],"wp:attachment":[{"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/media?parent=9991"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/www.purewl.com\/developer\/wp-json\/wp\/v2\/doc_tag?post=9991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}