Authentication

The Verodat API employs token-based authentication to secure API requests. This guide outlines the necessary steps for users to authenticate and interact with the API.

Authentication Process

Step 1: Sign In

Users must initially authenticate by calling the signin API endpoint with their username and password. Upon successful authentication, the API will return an access token and a refresh token.

Step 2: Use Access Token

For all subsequent API requests, users must include the access token in the HTTP Authorization header using the Bearer token scheme. All requests must be made over HTTPS so that the token is never sent in cleartext.

Example of Authorization Header

Authorization: Bearer <access_token>

Step 3: Token Expiration and Renewal

Access tokens have a limited lifespan. When an access token expires, users must obtain a new one by making a POST request to the oauth/access_token endpoint. This request should include the refresh token and set the grant_type to refresh_token.
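
The three steps above as one client-side flow, in an added example that is not Verodat's own code. The host, the "signin" and "datasets" paths, the request and response field names other than grant_type and refresh_token, and the use of HTTP 401 to signal an expired token are assumptions, and the server is a constructed in-memory stand-in.

```python
from urllib.parse import urlsplit
BASE_URL = "https://api.example.invalid/"  # placeholder host, not Verodat's

class TokenSession:
    """Holds the token pair and renews the access token when it expires."""

    def __init__(self, transport, base_url=BASE_URL):
        # transport(method, url, headers, body) -> (status, dict). Injected so
        # the flow runs offline here; back it with a real HTTP client in use.
        if urlsplit(base_url).scheme != "https":
            raise ValueError("tokens must only be sent over HTTPS")
        self._send = transport
        self._base = base_url.rstrip("/") + "/"
        self._access = self._refresh = None

    def _store(self, status, payload):
        if status != 200:
            raise PermissionError(f"token request rejected: HTTP {status}")
        # Assumed field names; the page does not show the response body.
        self._access = payload["access_token"]
        self._refresh = payload.get("refresh_token", self._refresh)

    def sign_in(self, username, password):  # Step 1
        body = {"username": username, "password": password}
        self._store(*self._send("POST", self._base + "signin", {}, body))

    def renew(self):  # Step 3
        body = {"grant_type": "refresh_token", "refresh_token": self._refresh}
        self._store(*self._send("POST", self._base + "oauth/access_token", {}, body))

    def request(self, method, path, body=None):  # Step 2
        for attempt in range(2):  # renew at most once, never loop on 401
            headers = {"Authorization": f"Bearer {self._access}"}
            status, payload = self._send(method, self._base + path, headers, body)
            if status != 401 or attempt == 1:  # 401-on-expiry is an assumption
                return status, payload
            self.renew()

def demo():
    """Constructed in-memory API: 'tok-1' has expired, 'tok-2' is valid."""
    def fake(method, url, headers, body):
        if url.endswith("/signin"):
            return 200, {"access_token": "tok-1", "refresh_token": "ref-1"}
        if url.endswith("/oauth/access_token"):
            return (200, {"access_token": "tok-2"}) if body.get("refresh_token") == "ref-1" else (400, {})
        return (200, {"rows": 3}) if headers.get("Authorization") == "Bearer tok-2" else (401, {})
    session = TokenSession(fake)
    session.sign_in("alice", "constructed-password")
    return session.request("GET", "datasets")
```

The session refuses a non-HTTPS base URL before any credential is sent, and a rejected refresh raises instead of retrying.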

Summary

  1. Sign In: Authenticate with username and password to receive access and refresh tokens.
  2. Authorize Requests: Include the access token in the Authorization header of each API request.
  3. Token Renewal: Use the refresh token to obtain a new access token when the current one expires.

By following these steps, users can securely interact with the Verodat API.