
Devensoft API Authentication

Our Platform leverages the OAuth 2.0 authorization protocol.

What is OAuth 2.0?

OAuth 2.0 is an industry-standard protocol for secure authorization. It allows applications to access resources on behalf of a user or system without exposing credentials. For machine-to-machine scenarios (like API integrations), the Client Credentials Grant is commonly used.


Steps to Authenticate Using OAuth 2.0 (Client Credentials Flow)

1. Obtain Client Credentials

  • You’ll need:
    • Client ID (unique identifier for your app)
    • Client Secret (secure key for authentication)
  • These are typically provided in your developer portal or API settings.

2. Request an Access Token

  • Make a POST request to the token endpoint:
    POST /token
    Content-Type: application/x-www-form-urlencoded
  • Include the following form data:
    grant_type=client_credentials
    client_id=YOUR_CLIENT_ID
    client_secret=YOUR_CLIENT_SECRET
  • Example using cURL:
    curl -X POST https://api.example.com/token \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

3. Receive the Token

  • Successful response:
    {
      "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "token_type": "bearer",
      "expires_in": 3600
    }
  • access_token: Use this for API calls.
  • expires_in: Token lifetime in seconds (usually 1 hour).

4. Use the Token in API Requests

  • Add the token to the Authorization header:
    Authorization: Bearer YOUR_ACCESS_TOKEN
  • Example:
    curl -X GET https://api.example.com/v1/targets \
      -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

5. Handle Token Expiration

  • Tokens expire after a set time (e.g., 3600 seconds).
  • When expired, request a new token using the same process.
  • Best Practice: Automate token refresh in your integration.
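
One way to automate steps 2 through 5, shown as an added example that is not Devensoft's own code: a small Python token cache that requests a token with the client credentials grant, reuses it, and requests a new one shortly before expires_in runs out. The token URL is the placeholder host from the cURL example above; the environment variable names, the TokenCache class and the 60-second safety margin are assumptions.

```python
import json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://api.example.com/token"  # placeholder host from the page's cURL example


def post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the decoded JSON body."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Caches the access token and requests a new one shortly before expiry."""

    def __init__(self, client_id, client_secret, post=post_form, clock=time.monotonic, skew=60):
        self._fields = {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
        }
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._post(TOKEN_URL, self._fields)
            if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


def from_env():
    # Hypothetical variable names; the secret stays out of source code.
    return TokenCache(os.environ["DEVENSOFT_CLIENT_ID"], os.environ["DEVENSOFT_CLIENT_SECRET"])
```

Pass the result of auth_header() as the headers of each API request; the post and clock parameters exist so the cache can be exercised without network access.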

Security Best Practices

  • Never expose client_secret in client-side code.
  • Store credentials securely (e.g., environment variables, vault).
  • Use HTTPS for all token and API requests.