Authentication
This page will help you get authenticated with the API so you can start issuing API requests
πLogin Endpoint
To interact with the API securely, you first need to obtain a JSON Web Token (JWT).
Start by sending a HTTP POST request to the Authenticate endpoint - Upon successful authentication, the API will return a JWT within the authentication_tokenfield, which is a token that confirms the identity and permissions.
Once you have the JWT, include it in the Authorization header of all subsequent requests to the API. This ensures that your requests are authorized, and identifies the Partner which you are currently authenticated against.
For example, you would format your request header as Authorization: Bearer {token}, replacing {token} with the actual token received within authentication_token
π§ User Authentication
Only where a real user is been authenticated should you use a username (eMail) and password, within the authentication requests to the platform.
π» App Token / Server Authentication
Where a Server/Platform is authenticating with OVOne, you should first create a static Application Token rather than User/Password, the authentication to the Authenticate endpoint, can then include just the application_token value, and omit the username and password
π Token Expiry
All tokens returned will be valid until the expiry_time, after which point a new authentication must be performed, or refreshed via the refresh_tokenalso returned - It is recommended to perform the refresh more than 30min before the expiry_time but no more frequent than hourly.
You should call the Refresh API with your latest web token json_web_token and last refresh token for the session refresh_token , at which point a new JWT authentication_token, refresh_token and expiry_time will be provided.
Updated 10 months ago