OAuth Authentication
At the customer's preference, it is possible to integrate with AutoTeks APIs via OAuth client credential token grant.
OAuth integration consists of 2 basic components:
Token management (ensure your system always has a valid OAuth token available)
REST api call signing using a valid token
Token management
Before implementing token management, make sure you have a valid client_id
and client_secret
as provided by Autoek (They will be provided by your sales rep). These are the credentials you will use to get valid tokens from the AutoTek auth-broker
.
auth-broker POST call to receive a valid OAuth token
A valid token can be stored locally for use in subsequent API calls. It is recommended to calculate a safe expiry timestamp based on the expires_in property of the response body and use this to pre-emptively refresh your token when it nears expiry.
REST API call signing
With a valid AutoTek OAuth token, each REST API call that you make can be authorised by encoding the as-provided token string into your Authorization header using the Bearer prefix.
Troubleshooting
Token management
I donβt get a 200 response on my request-token calls Double-check your client_id and client_secret with AutoTek. Double-check your Basic Auth encoding. Double-check your content-type header and post-body structure.
I have a valid token but my AutoTek api calls are failing 401 response -- there may be a problem with your token, or the way Bearer Auth is being encoded in the headers.
Last updated