To successfully send any API request on behalf of an existing User, the request header must include an access_token. This section outlines the endpoints and authorization process for a User and your Client application.
The access_token is returned to your Client when you submit a temporary authorization_code to our OAuth server. It should then be included in the Authorization header (type: Bearer Token) for requests to the API.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authorization will also fail.
The basic sequence for generating an access_token is:
- Create a User (if the User doesn't already exist)
- Present the User with Astra's OAuth module, which returns an authorization_code
- Exchange the authorization_code for an access_token using the token endpoint
- Use the access_token in your Authorization header for API requests for that User
If you are using Astra's OAuth module, the redirect URL will include the authorization_code. In the Sandbox Environment, you can copy the authorization_code from the module web page directly to use with API requests.
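
The following client-side sketch is an added example, not Astra's own code. It pulls the authorization_code out of a redirect URL and attaches an access_token as a Bearer header only when the target URL is HTTPS. The query parameter name, the URLs and the token values are assumptions constructed for illustration, and the token exchange call is left out because its request format is not shown here.

```python
from urllib.parse import urlsplit, parse_qs
from urllib.request import Request

# Assumption: the code arrives as a query parameter with this name.
CODE_PARAM = "authorization_code"


def extract_authorization_code(redirect_url: str) -> str:
    """Pull the temporary authorization_code out of the OAuth redirect URL."""
    parts = urlsplit(redirect_url)
    if parts.scheme != "https":
        raise ValueError("redirect URL must be HTTPS")
    values = parse_qs(parts.query).get(CODE_PARAM, [])
    if len(values) != 1 or not values[0].strip():
        # Zero or repeated parameters are ambiguous; refuse rather than guess.
        raise ValueError("expected exactly one authorization_code")
    return values[0]


def build_api_request(url: str, access_token: str, method: str = "GET") -> Request:
    """Build (not send) an API request carrying the User's access_token."""
    if urlsplit(url).scheme != "https":
        # The API rejects plain HTTP, but the header could still be sent
        # in cleartext before that rejection happens.
        raise ValueError("refusing to attach access_token to a non-HTTPS URL")
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access_token is missing or malformed")
    return Request(url, method=method,
                   headers={"Authorization": f"Bearer {access_token}"})


def redact(token: str) -> str:
    """Return a form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "***"


if __name__ == "__main__":
    # Constructed sample values; none of these are real endpoints or tokens.
    redirect = "https://client.example/callback?authorization_code=abc123&state=xyz"
    print("code:", redact(extract_authorization_code(redirect)))
    req = build_api_request("https://api.example.invalid/v1/resource",
                            "tok_constructed_123")
    print(req.get_method(), req.full_url, redact("tok_constructed_123"))
```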