Overview
This API implements the OAuth 2.0 authorization framework, providing secure access to protected resources. The implementation supports both authorization code and refresh token grant types, allowing for secure and efficient authentication flows.
1. Authorization Request
To begin the OAuth flow, clients must first request authorization. Go to the authorization url of /oauth/authorize in a browser with the following URL query parameters appended in order to grant access:
Required Parameters:
redirectUrl: The URL where users will be redirected after authorizationscope: Comma-separated list of permission scopes (e.g., 'API_MONITORING,API_INVITE_CARRIER,API_VIEW_CARRIER_INFO')clientId: Your application's client IDsignature: SHA-256 hash of the concatenated string:redirectUrl + scope + clientId + clientSecret
Example signature generation
const signature = sha256(redirectUrl + scope + clientId + clientSecret);Example Authorization URL
/oauth/authorize?redirectUrl=https://your-app.com/callback&scope=API_MONITORING,API_INVITE_CARRIER,API_VIEW_CARRIER_INFO&clientId=your-client-id&signature=generated-signature2. Receive Token
Once the user grants access, they will be redirected to the URI provided in redirectUrl with atoken query parameter.
3. Token Exchange
After receiving the authorization code, exchange it for access and refresh tokens using the /oauth/token endpoint.
Authorization Code Flow:
{
"grantType": "authorization_code",
"authorizationCode": "string",
"clientId": "string",
"signature": "string" // SHA-256 hash of grantType + authorizationCode + clientId + clientSecret
}Example signature generation:
const signature = crypto
.createHash('sha256')
.update(grantType + authorizationCode + clientId + clientSecret)
.digest('hex');The response for this request will contain an OAuth2 Token you can use to authenticate your api requests