To send any API request on behalf of an existing User successfully, the header must include an access_token. This section outlines the endpoints and authorization process for a User and your Client application.
The access_token is returned to your Client when you submit a temporary authorization_code to our OAuth server. It should then be included in the Authorization Header (Type: Bearer Token) for requests to the API.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authorization will also fail.
The basic sequence for generating an access_token:
- Create a User (if the User doesn't already exist)
- Present the User with Astra's OAuth module, which returns an authorization_code
- Exchange the authorization_code for an access_token using the token endpoint
- Use the access_token in your Authorization Header for API requests for that User
If you are using Astra's OAuth module, the redirect URL will include the authorization_code. In the Sandbox Environment, you can copy the authorization_code from the module web page directly to use with API requests.
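The last two steps of the sequence, sketched as an added example (not Astra's own code): it builds the token-exchange request and the Bearer-authenticated API request without sending them, and refuses any non-HTTPS URL. The endpoint URLs are placeholders, and the form fields and HTTP Basic client authentication are assumptions taken from the standard OAuth 2.0 authorization code grant (RFC 6749), not from this page.

```python
import base64
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Placeholders (assumptions): the page does not give the real endpoint URLs.
TOKEN_URL = "https://api.example.invalid/oauth/token"
API_URL = "https://api.example.invalid/v1/resource"


def require_https(url):
    """Refuse to build a request that would put credentials on plain HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: " + url)
    return url


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Exchange request: authorization_code in the form body, client
    credentials in HTTP Basic (standard OAuth 2.0 shape, assumed here)."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return Request(require_https(TOKEN_URL), data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })


def build_api_request(url, access_token):
    """API call for one User: access_token sent as a Bearer token."""
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access_token missing or malformed")
    return Request(require_https(url), headers={
        "Authorization": "Bearer " + access_token,
    })
```

Pass either returned object to `urllib.request.urlopen` to send it; keep the client secret and each User's access_token out of logs and client-side code.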