Auth API (v2)

Download OpenAPI description

AuthApi.json

AuthApi.yaml

Servers

Staging URL

https://apis.spotnana.com/

Spotnana mock server

https://developer.spotnana.com/_mock/openapi/authapi/

Authentication

Authentication APIs for user login, logout, and token management

Operations

Get oauth2 token

Request

Get oauth2 token using the client credentials.

Bodyapplication/x-www-form-urlencodedrequired

grant_typestringrequired

Supported values are client_credentials and urn:ietf:params:oauth:grant-type:token-exchange.

client_idstringrequired

Identifier for the API user.

client_secretstringrequired

Password

audiencestring

Identifies the API being accessed in Spotnana.

Example: "https://apis.spotnana.com/v2"

subject_tokenstring

A security token that represents the identity of the entity on whose behalf the request is being made.

subject_token_typestring

Indicates the type of the subject_token used for token exchange. This field supports the valid types as per the OAUTH 2.0 security framework.

scopestring

The list of space-delimited, case-sensitive strings, as defined in Section 3.3 of RFC6749 OAuth 2.0 framework, that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used.

curl -i -X POST \
  https://apis.spotnana.com/v2/auth/oauth2-token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d grant_type=string \
  -d client_id=string \
  -d client_secret=string \
  -d audience=https://apis.spotnana.com/v2 \
  -d subject_token=string \
  -d subject_token_type=string \
  -d scope=string

Responses

Bodyapplication/json

access_tokenstringrequired

The token to be used in subsequent API calls made to the Spotnana platform.

expires_ininteger(int32)

The length of time (in seconds) for which the access token is valid.

token_typestringrequired

A case-insensitive value specifying the method of using the access token issued, as specified in Section 7.1 of [RFC6749].

Example: "Bearer"

refresh_tokenstring

Used to fetch a new access token when the existing token expires. The refresh token will not be available if the grant_type is client_credentials.

scopestring

The list of space-delimited, case-sensitive strings, as defined in Section 3.3 of [RFC6749], that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used.

Response

application/json

{
  "access_token": "string",
  "expires_in": 0,
  "token_type": "Bearer",
  "refresh_token": "string",
  "scope": "string"
}