Authorization for API

All REST API requests require that a valid Token be provided in the Authorization header. The oauth2 access method provides a convenient way to obtain a valid Token. This topic is not intended to be instructive on security best practices or to serve as a reference for best practices regarding the retention of the token or credentials used in the method provided. It is intended only to provide information on the available API.

Request

The Post method should be used to obtain a token. The Get, Delete and Push methods are not supported. The API endpoint is https://ENVIRONMENTNAME/TENANCY/api/oauth2/v1/access.

ENVIRONMENTNAME should be replaced with the URL information that is specific to your Service endpoint.

TENANCY should be replaced with the target tenancy within the environment. This will be non-prod, pre-prod or prod.

Example: https://futurabank/non-prod/api/oauth2/v1/access

Headers

There are several headers that may be required by the methodology utilized to call the Post method on the API. The intention here is to identify those that have special consideration or may be considered optional for other API calls.

The standard "Content-Type" header should be set to "application/json".

Payload

The body of the post is JSON and must include the required credentials. The User specified must have the Assembly related Entitlements enabled; see the 'Entitlements Guide' and the 'Transaction Type Reference' for more information.

{
    "User" : "string",
    "Password" : "string"
}

Response

The success response body is JSON and will contain the token that can be passed into the Authorization header for subsequent API calls such as CommunicationAssembly. The structure of the body is {"AccessToken":"Token"} where Token represents the token itself. Example: {"AccessToken": "eyJ4NXQjUzI1NiI6Ikhzc…"} The token can be very long and is abbreviated in this example.

The failure response will be "Unauthorized" if the user and password cannot be authenticated.
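
The request and response described above, as an added Python example using only the standard library (it is not code from the product documentation). The function names, the API_USER and API_PASSWORD environment variable names and the hostname check are assumptions of this example; the page does not specify how the token is formatted in the Authorization header, so the example stops at returning the token.

```python
import json
import os
import re
import urllib.error
import urllib.request

TENANCIES = {"non-prod", "pre-prod", "prod"}  # tenancy values listed on this page

class TokenError(Exception):
    """Raised when no access token could be obtained."""

def build_token_request(environment, tenancy, user, password):
    """Build the POST request for the oauth2 access endpoint."""
    # Accept a bare host[:port] only, so credentials cannot be sent to another URL.
    if not re.fullmatch(r"[A-Za-z0-9.-]+(:\d+)?", environment):
        raise ValueError("environment must be a bare host name")
    if tenancy not in TENANCIES:
        raise ValueError(f"unknown tenancy: {tenancy!r}")
    url = f"https://{environment}/{tenancy}/api/oauth2/v1/access"
    body = json.dumps({"User": user, "Password": password}).encode("utf-8")
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def parse_token_response(body):
    """Return the token from a success body; raise TokenError otherwise."""
    try:
        token = json.loads(body)["AccessToken"]
    except (ValueError, KeyError, TypeError):
        # Covers the plain "Unauthorized" failure body and malformed JSON.
        raise TokenError("no AccessToken in response") from None
    if not isinstance(token, str) or not token:
        raise TokenError("empty or non-string AccessToken")
    return token

def obtain_token(environment, tenancy, timeout=10):
    """Read credentials from the process environment and request a token."""
    # API_USER / API_PASSWORD are variable names assumed for this example.
    req = build_token_request(environment, tenancy,
                              os.environ["API_USER"], os.environ["API_PASSWORD"])
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as exc:
        # Report the status only; never echo credentials or response bodies.
        raise TokenError(f"token request failed: HTTP {exc.code}") from None
```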