Authentication

OAuth 2.0 is an authorization protocol that gives an API client limited access to user data on a web server. GitHub, Google, and Facebook APIs notably use it. OAuth relies on authentication scenarios called flows, which allow the resource owner (user) to share the protected content from the resource server without sharing their credentials. For that purpose, an OAuth 2.0 server issues access tokens that the client applications can use to access protected resources on behalf of the resource owner.

NXTsoft uses the Client Credentials grant type. Intended for server-to-server authentication, this flow describes an approach in which the client application acts on its own behalf rather than on behalf of any individual user. In most scenarios, this flow provides the means to allow users to specify their credentials in the client application, so it can access the resources under the client’s control.

To access your API, you must request an Access Token for it. To do so, you will need to POST to the token URL.

For additional information, see the OAuth2 section of the document.

  curl --request POST \
    --url 'https://auth.nxtsoft.com/oauth2/token' \
    --header 'content-type: application/x-www-form-urlencoded' \
    --data 'grant_type=client_credentials' \
    --data 'client_id=YOUR_CLIENT_ID' \
    --data 'client_secret=YOUR_CLIENT_SECRET'

Parameters

  • grant_type: Set this to client_credentials.
  • client_id: Your application's Client ID. You can find this value in the Sample Credentials section of the document.
  • client_secret: Your application's Client Secret. You can find this value on the application's settings tab.

The following is a sample response from requesting an access token using cURL:

 {
    "access_token": "eyJraWQiOiJyVk1SeUtqelBpRll5eWJWZFFIRmE2b1oxa1E3MlJhVENvSW9ENWdZSGJrPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIxNmVjNG5hOWF2ODAxMWliajloc2tmOXVtZiIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoidHJhbnNhY3Rpb25zXC9wb3N0IiwiYXV0aF90aW1lIjoxNjI2MzY0OTkxLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtd2VzdC0yLmFtYXpvbmF3cy5jb21cL3VzLXdlc3QtMl91NTY2V21yUEsiLCJleHAiOjE2MjYzNjg1OTEsImlhdCI6MTYyNjM2NDk5MSwidmVyc2lvbiI6MiwianRpIjoiYzE3Y2ExYmMtNWExMi00MTMzLThjZWQtMjE3MzBmMTlkNTMwIiwiY2xpZW50X2lkIjoiMTZlYzRuYTlhdjgwMTFpYmo5aHNrZjl1bWYifQ.a7HG-tP1JBsJwvmwMuLAGh3XesC17e2wXQZMyyQIVJgziITtF9ZH1s4ZCoo2nAKqMJSnZV-4LGEhzj6yRR9xIh3ExLNWJMBgyA6BOMyd5c1y4gGQIZsBQ1yvz2VOfw5dsIzqU_UU-VjaxjuWssSargyJoi-urRgetNcAUOyY84A0tb6q7EHIZTtZwzP6kjfclFn_a5xfBIQYrZi9JsdMj0GokRAJRwVT0o1SxiiYwF3EhOf7j0dO_TvYy9ICVTJxIotTgmKT12ANNNJKveJ7IW06k2jSoc24IiBX2uWhOBW26YjdXMlevTYx0chmZ1PGu-pHnKGH0GHWKmAMyMGnzA",
    "expires_in": 3600,
    "token_type": "Bearer"
}
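
A minimal client for the token request and response shown above, as an added example that is not NXTsoft's own code: it reuses the access token until shortly before expires_in elapses and rejects any response that is not a Bearer token. The TokenCache class, the 60-second skew, and the NXT_CLIENT_ID / NXT_CLIENT_SECRET environment variable names are assumptions.

```python
import json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://auth.nxtsoft.com/oauth2/token"  # token URL given on this page

def post_form(url, fields):
    """Default transport: POST form-encoded fields and return the parsed JSON body."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: fetches a client-credentials token and reuses it until near expiry."""

    def __init__(self, client_id, client_secret, transport=post_form, clock=time.time, skew=60):
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    @classmethod
    def from_env(cls, **kwargs):
        # Assumed variable names; keeps the secret out of source code and shell history.
        return cls(os.environ["NXT_CLIENT_ID"], os.environ["NXT_CLIENT_SECRET"], **kwargs)

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._transport(TOKEN_URL, self._fields)
            # Refuse anything that is not a usable Bearer token.
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            # Refresh `skew` seconds early so a token never expires mid-request.
            expires_at = self._clock() + int(resp["expires_in"]) - self._skew
            self._token, self._expires_at = resp["access_token"], expires_at
        return self._token

    def auth_header(self):
        """Header to attach to each API call made with the cached token."""
        return {"Authorization": "Bearer " + self.token()}
```

The transport and clock parameters exist so the cache can be exercised offline; in normal use, TokenCache.from_env().auth_header() supplies the header for each API request.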

OAuth2

This API uses OAuth 2 with the clientCredentials grant flow.

Security Scheme Type: OAuth2
OAuth Flow: clientCredentials
  • Token URL: https://auth.nxtsoft.com/oauth2/token
  • Scopes:
      • transactions/mock - Post a validation message.