Skip to main content

Authentication 101

Buckle up! We're diving into the world of OAuth 2.0 with client credentials. It's all about keeping your app's interactions with our API secure and smooth.


Let's Get You Set Up

Ready to get your hands dirty? Here’s how you can set up your client:

  1. Log In, Let’s Roll: Jump into your Zigned account and head over to the developer settings.
  2. Create Your API Client: Find the "API Clients" section and hit that 'Create New API Client' button.
  3. Grab Your Credentials: Once your API client is up, jot down your 'Client ID' and 'Client Secret'. Guard these like treasure – they’re your keys to our kingdom!

Access Tokens: Your API Passport


How to Get Your Token

Fire off a POST request to our /token endpoint like a pro. Here's a basic cURL example:

Requesting a token
curl -X POST http://localhost:4000/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

Decoding the Token Response

Hit the jackpot? You'll get something like below. Use the access token in subsequent API requests.

Access token response
{
    "access_token": "your_access_token",
    "token_type": "Bearer",
    "expires_in": 10000000
}

Test Drive Your Token

Now, let’s take that token for a spin:

Authenticated API request
curl -X GET http://localhost:4000/oauth/test \
  -H "Authorization: Bearer your_access_token"

Long-Lasting Tokens

Our tokens are like fine wine – they last a long time. But remember, store them safely!


Revoking Tokens

Changed your mind? Revoke that token like this:

Revoke an access token
curl -X DELETE http://localhost:4000/oauth/token/YOUR_ACCESS_TOKEN

Want to Dig Deeper?

Thirsty for more knowledge? Hop over to the next sections where we dive deeper into the world of tokens and authentication.