# OAuth Authentication

At the customer's preference, it is possible to integrate with AutoTek's APIs using the OAuth client credentials grant.

OAuth integration consists of 2 basic components:

1. Token management (ensure your system always has a valid OAuth token available)
2. REST API call signing using a valid token

### Token management <a href="#token-management" id="token-management"></a>

Before implementing token management, make sure you have a valid `client_id` and `client_secret` from AutoTek (they will be provided by your sales rep). These are the credentials you will use to get valid tokens from the AutoTek `auth-broker`.

#### auth-broker POST call to receive a valid OAuth token <a href="#auth-broker-post-call-to-receive-a-valid-oauth-token" id="auth-broker-post-call-to-receive-a-valid-oauth-token"></a>

```text
POST https://api.autograb.com.au/auth-broker/request-token

Headers
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <Base64 encoding of client_id:client_secret>

Post body (form-encoded)
grant_type=client_credentials

Sample success response body
{
    "access_token": "[obfuscated-token-string]",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}
```

A valid token can be stored locally and reused for subsequent API calls. It is recommended to calculate a safe expiry timestamp from the `expires_in` property of the response body and use it to pre-emptively refresh your token when it nears expiry.

### REST API call signing <a href="#rest-api-call-signing" id="rest-api-call-signing"></a>

With a valid AutoTek OAuth token, each REST API call that you make can be authorised by encoding the as-provided token string into your Authorization header using the Bearer prefix.
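The token management and call signing steps above can be combined in one small cache. This is an added example, not AutoTek code: the `TokenCache` class, the injected `post(url, headers, body)` transport (expected to return the parsed JSON response) and the 60-second refresh margin are assumptions.

```python
import base64
import time
import urllib.parse

TOKEN_URL = "https://api.autograb.com.au/auth-broker/request-token"  # from this page

def build_token_request(client_id, client_secret):
    """Return (headers, body) for the client-credentials token request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urllib.parse.urlencode({"grant_type": "client_credentials"})

class TokenCache:
    """Holds one token and refreshes it `margin` seconds before it expires."""

    def __init__(self, client_id, client_secret, post, margin=60, clock=time.monotonic):
        self._creds = (client_id, client_secret)
        self._post = post        # assumed transport: post(url, headers, body) -> dict
        self._margin = margin    # assumed safety margin, not an AutoTek value
        self._clock = clock
        self._token = None
        self._refresh_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._refresh_at:
            headers, body = build_token_request(*self._creds)
            resp = self._post(TOKEN_URL, headers, body)
            token, ttl = resp.get("access_token"), resp.get("expires_in")
            if not token or not isinstance(ttl, (int, float)) or ttl <= 0:
                # Do not echo the response: it may contain credentials or tokens.
                raise RuntimeError("token response missing access_token or expires_in")
            # Refresh early; for very short lifetimes never wait past half the TTL.
            self._refresh_at = self._clock() + max(ttl - self._margin, ttl / 2)
            self._token = token
        return self._token

    def auth_header(self):
        """Authorization header for a REST API call, using the token as provided."""
        return {"Authorization": f"Bearer {self.get()}"}
```

Keep the `client_secret` and the cached token out of logs and error messages; only the transport needs to see them.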

#### Troubleshooting <a href="#troubleshooting" id="troubleshooting"></a>

**Token management**

* *I don’t get a 200 response on my request-token calls.* Double-check your `client_id` and `client_secret` with AutoTek. Double-check your Basic Auth encoding. Double-check your Content-Type header and post body structure.
* *I have a valid token but my AutoTek API calls are failing.* A 401 response means there may be a problem with your token, or with the way Bearer Auth is being encoded in the headers.


