This article covers the basic authorization of a Client application which use a backend built using DotKernel API
Authorization Request
Client application users send a POST request to the backend containing the following JSON object:
{
"grant_type": "password",
"client_id": "{API_CLIENT}",
"client_secret": "{API_CLIENT_SECRET}",
"scope": "{SCOPE}",
"username": "{USERNAME/EMAIL}",
"password": "{PASSWORD}"
}
Authorization Response
If the credentials are correct, the API will return a JSON object containing the authentication data:
{
"token_type": "Bearer",
"expires_in": 86400,
"access_token": "...",
"refresh_token": "..."
}
When sending API requests to an endpoint which requires authorization, an Authorization header must be present containing the following data: "Bearer {access_token}", where {access_token} represents the content of the key with the same name found in the above response.