Authorization

Acquiring an access token.

In order to start the authorization process, you must have a registered user on the https://www.idissuer.pl/. A user communicating through an API must have "API Access" authorization. Once you have a user, you need to use it to get an access token. When using user data, you must execute the POST method using the address:

https://api.idissuer.pl/v2/auth/token/

Message content

Name Type Description
username string User name (e-mail address)
password string User password

POST https://api.idissuer.pl/v2/auth/token
HTTP/1.1 content-type: application/json
{
    "username":"{{userame}}",
    "password":"{{password}}"
}
                

In response, you get an access token and a refreshing token.

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
    "access_token": {
        "token_type": "bearer",
        "token": "eyJhbGciOiJIUzI1NiIsInR...",
        "expires_in": 3600
    },
    "refresh_token": "5QhI6iaHkyh7Z3eNwhNxcbF2..."
}
                

Process of refreshing an access token

When a user executes a request for authorized content with an expired token, they will receive an answer to the request.

An exemplary answer:

HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Bearer error="invalid_token", error_description="The token is expired"
Token-Expired: true
                

To replace a refreshing token with a new access token, execute a POST request to the following address:

https://api.idissuer.pl/v2/auth/refreshtoken

Message content

Name Type Description
access_token string Access token
refresh_token string Refresh token

POST https://api.idissuer.pl/v2/auth/token HTTP/1.1 
Content-Type: application/json; charset=utf-8
{
    "access_token": {
        "token_type": "bearer",
        "token": "eyJhbGciOiJIUzI1NiIsInR...",
        "expires_in": 3600
    },
    "refresh_token": "5QhI6iaHkyh7Z3eNwhNxcbF2..."
}
                

Using an access token.

To use the ID Issuer API you need to be authorized using an access token. As mentioned above, the token must be added to the request header

Authorization: Bearer {API_Token}