Public API v1.0 - OAuth2 Client Credentials Flow

OAuth 2.0 Protocol

The following illustration depicts ForeSee’s OAuth 2.0 Client Credentials Grant Flow:

How Authentication Works

  1. Contact ForeSee to register as a new API client. A successful registration returns the client credentials (client_id, client_secret) tuple.
  2. The client uses its credentials to log into the Authorization Server.
    To illustrate this process, the client first makes the following call: /token?grant_type=client_credentials&scope=<list of scopes for which token is needed>. This is an HTTPS POST that carries an Authorization header in the following format: Basic <Base64-encoded value formed from client_id:client_secret>. Example: Basic WEpLbmhrVEtQTnRLdlVNaEs1Vk5kM01XSTlWSTBRem46OEF2VFllN1JYczL0cE1KOW1EVzg=
    Example using Postman:

    A successful authentication returns an Access Token. Example:

      {
        "access_token": "80965804-63cc-45a8-8ce3-983da1d6ef64",
        "token_type": "bearer",
        "expires_in": 899,
        "scope": "r_basic"
      }
  3. The client places the Access Token in the Authorization header as a Bearer token to make calls for its data, which is stored in the Resource Server.
    Example using Postman:
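
Steps 2 and 3 as an added Python example (not ForeSee's own code): it builds the token request, parses the token response, and refuses to send a token that has passed its expires_in lifetime. The host names, the /resource path, the demo credentials, the 30-second refresh margin and the space-delimited scope list (per RFC 6749) are assumptions, not values from this page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumptions (not from the page): both host names and the resource path
# passed to build_api_request are constructed placeholders.
AUTH_BASE = "https://auth.example.invalid"
API_BASE = "https://api.example.invalid"

def build_token_request(client_id, client_secret, scopes):
    """Step 2: HTTPS POST to /token with HTTP Basic client authentication."""
    if not AUTH_BASE.startswith("https://"):  # Base64 is encoding, not encryption
        raise ValueError("client_secret must only be sent over HTTPS")
    query = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"{AUTH_BASE}/token?{query}", data=b"", method="POST",
        headers={"Authorization": f"Basic {basic}"})

class AccessToken:
    """Parsed token response; tracks expiry so a stale token is never sent."""
    def __init__(self, body, now=None, skew=30):
        doc = json.loads(body)
        if doc.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.value = doc["access_token"]
        self.scopes = set(doc.get("scope", "").split())
        issued = time.time() if now is None else now
        # Treat the token as expired `skew` seconds early (clock drift, latency).
        self.expires_at = issued + int(doc["expires_in"]) - skew

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

def build_api_request(token, path, now=None):
    """Step 3: call the Resource Server with the token as a Bearer header."""
    if token.expired(now):
        raise RuntimeError("access token expired; request a new one")
    return urllib.request.Request(
        f"{API_BASE}{path}", headers={"Authorization": f"Bearer {token.value}"})

# Constructed sample response, same shape as the token example above.
SAMPLE = ('{"access_token": "80965804-63cc-45a8-8ce3-983da1d6ef64", '
          '"token_type": "bearer", "expires_in": 899, "scope": "r_basic"}')
```

Passing either request object to urllib.request.urlopen sends it; keep client_secret and the access token out of logs and source control.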
