Security Requirement
base_url: https://demo.etranzact.com/bankit-api/antPeer/v1
Overview
AntPeer uses OAuth 2.0. All application endpoints are authenticated by default, so a service must maintain a valid token to access the resource server. For both token generation and token refresh, a raw JSON-encoded body is sent in a POST request to {base_url}/auth/token.
Token request:
Parameter | Type | Description | Required |
---|---|---|---|
username | string | Client application’s username | Yes |
password | string | Client application’s password | Yes |
POST /auth/token
curl -X POST "${base_url}/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user.username",
    "password": "user.passwd"
  }'
Standard OAuth 2.0 parameters are returned in JSON format in the body of the response. Below is a sample response:
Parameter | Type | Description | Mandatory |
---|---|---|---|
access_token | string | Access token to be used when making calls to all APIs | Yes |
expires_in | integer | Time in seconds for token expiration | Yes |
refresh_expires_in | integer | Time in seconds for refresh token expiration | Yes |
token_type | string | Token type | Yes |
id_token | string | Ignore | No |
not-before-policy | integer | Ignore | Yes |
session_state | string | Ignore | Yes |
scope | string | Ignore, not implemented | Yes |
refreshToken | string | Hashed refresh token | Yes |
POST /auth/token
{
"access_token": "hashed access token",
"expires_in": 900,
"refresh_expires_in": 1800,
"token_type": "bearer",
"id_token": null,
"not-before-policy": 1635768787,
"session_state": "",
"scope": "",
"refresh_token": "hashed access token"
}
Token refresh request:
Parameter | Type | Description | Required |
---|---|---|---|
refresh_token | string | Refresh token received during the initial token generation or last refresh. | Yes |
grant_type | string | Defaults to “refresh_token” | Yes |
POST /auth/token
curl -X POST "${base_url}/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "string",
    "grant_type": "refresh_token"
  }'
Standard OAuth 2.0 parameters are returned in JSON format in the body of the response. Below is a sample response:
Parameter | Type | Description | Mandatory |
---|---|---|---|
access_token | string | Access token to be used when making calls to all APIs | Yes |
expires_in | integer | Time in seconds for token expiration | Yes |
refresh_expires_in | integer | Time in seconds for refresh token expiration | Yes |
token_type | string | Token type | Yes |
id_token | string | Ignore | No |
not-before-policy | integer | Ignore | Yes |
session_state | string | Ignore | Yes |
scope | string | Ignore, not implemented | Yes |
refreshToken | string | Hashed refresh token | Yes |
POST /auth/token
{
"access_token": "hashed access token",
"expires_in": 900,
"refresh_expires_in": 1800,
"token_type": "bearer",
"id_token": null,
"not-before-policy": 1635768787,
"session_state": "",
"scope": "",
"refresh_token": "hashed access token"
}
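Token lifecycle example (added here, not part of the AntPeer documentation or SDK): a client-side manager that caches the access token, refreshes it shortly before expires_in elapses, and falls back to username/password once refresh_expires_in has passed. TokenManager, http_post_json, the 30-second skew and the use of the Authorization: Bearer header are assumptions; the endpoint and field names are the ones shown above.

```python
import json
import time
import urllib.request

BASE_URL = "https://demo.etranzact.com/bankit-api/antPeer/v1"  # base_url from this page


def http_post_json(url, payload):
    """Default transport: POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Keeps one valid access token, refreshing or re-authenticating as needed."""

    def __init__(self, username, password, post=http_post_json,
                 clock=time.monotonic, skew=30):
        self._creds = {"username": username, "password": password}
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, body):
        now = self._clock()
        self._access = body["access_token"]
        self._refresh = body["refresh_token"]
        # Treat tokens as expired `skew` seconds early so a call never races expiry.
        self._access_exp = now + body["expires_in"] - self._skew
        self._refresh_exp = now + body["refresh_expires_in"] - self._skew

    def access_token(self):
        now = self._clock()
        if self._access and now < self._access_exp:
            return self._access  # cached token is still valid, no network call
        if self._refresh and now < self._refresh_exp:
            payload = {"refresh_token": self._refresh, "grant_type": "refresh_token"}
        else:
            payload = self._creds  # first call, or the refresh token has expired
        self._store(self._post(f"{BASE_URL}/auth/token", payload))
        return self._access

    def auth_header(self):
        # Assumption: the bearer token travels in the standard Authorization header.
        return {"Authorization": f"Bearer {self.access_token()}"}
```

Keep the credentials and both tokens out of logs and error messages; the manager holds them only in memory.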