Authorization
Acquiring an access token.
In order to start the authorization process, you must have a registered user on the https://www.idissuer.pl/. A user communicating through an API must have "API Access" authorization. Once you have a user, you need to use it to get an access token. When using user data, you must execute the POST method using the address:
https://api.idissuer.pl/v2/auth/token/
Message content
| Name | Type | Description |
|---|---|---|
| username | string | User name (e-mail address) |
| password | string | User password |
POST https://api.idissuer.pl/v2/auth/token
HTTP/1.1 content-type: application/json
{
"username":"{{userame}}",
"password":"{{password}}"
}
In response, you get an access token and a refreshing token.
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
"access_token": {
"token_type": "bearer",
"token": "eyJhbGciOiJIUzI1NiIsInR...",
"expires_in": 3600
},
"refresh_token": "5QhI6iaHkyh7Z3eNwhNxcbF2..."
}
Process of refreshing an access token
When a user executes a request for authorized content with an expired token, they will receive an answer to the request.
An exemplary answer:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Bearer error="invalid_token", error_description="The token is expired"
Token-Expired: true
To replace a refreshing token with a new access token, execute a POST request to the following address:
https://api.idissuer.pl/v2/auth/refreshtoken
Message content
| Name | Type | Description |
|---|---|---|
| access_token | string | Access token |
| refresh_token | string | Refresh token |
POST https://api.idissuer.pl/v2/auth/token HTTP/1.1
Content-Type: application/json; charset=utf-8
{
"access_token": {
"token_type": "bearer",
"token": "eyJhbGciOiJIUzI1NiIsInR...",
"expires_in": 3600
},
"refresh_token": "5QhI6iaHkyh7Z3eNwhNxcbF2..."
}
Using an access token.
To use the ID Issuer API you need to be authorized using an access token. As mentioned above, the token must be added to the request header
Authorization: Bearer {API_Token}