CSMS API Authentication
CSMS API Authentication
The Dreev HTTP API is secured with OAuth 2.0.
The CSMS is an OAuth Client, and will have confidential credentials: Client ID and Secret Client.
Obtaining an Access Token
The Client must exchange its credentials for an Access Token via an HTTP POST request, following the standard OAuth 2.0 Client Credentials grant.
- URL :
- Staging:
https://auth.staging.dreev.net/oauth2/token
- Production:
https://auth.production.dreev.net/oauth2/token
- Staging:
- Headers :
Content-Type: application/x-www-form-urlencoded
- HTTP Basic authentication: The
Authorization
header contains the Client ID and Client Secret as username/password, separated by:
and encoded in base64 :
Authorization: Basic Base64($CLIENT_ID:$CLIENT_SECRET)
- Parameters :
grant_type=client_credentials
(fixed value)
Example:
POST /oauth2/token HTTP/1.1
Host: auth.production.dreev.net
Authorization: Basic ZWRpc29uX2NsaWVudF9pZDplZGlzb25fY2xpZW50X3NlY3JldAo=
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
In the example above :
- Client ID =
my_client_id
- Client Secret =
my_client_secret
Base64("my_client_id:my_client_secret")
→ZWRpc29uX2NsaWVudF9pZDplZGlzb25fY2xpZW50X3NlY3JldAo=
Accessing endpoints
When calling API Endpoints, the Client must provide its Access Token in the Authorization header of each HTTP request in the following form:
Authorization: Bearer $ACCESS_TOKEN
Example:
POST /trips HTTP/1.1
Host: csms.production.dreev.net
Authorization: Bearer eyJhbGciOiJIUz...
Content-Type: application/json
{}
In this example, the Access Token is eyJhbGciOiJIUz...
Updated 7 months ago