1. Knowledge Center
  2. Solution Center
  3. Query Service API

How Do I Authenticate to use the Query Service API?

Dave Woodman
Updated
   Community moderator

Question

How Do I Authenticate to use the Query Service API?

Answer

The credentials used to authenticate against the Assurance API are the same as your normal Vyopta user credentials.

Obtaining Authorization:

The API authentication is performed via OpenID, with the credentials being sent as an application/x-www-form-url-encoded payload to a POST request to https://login.vyopta.com/auth/realms/vyopta/protocol/openid-connect/token. The Content-Type header must be set, and a header with key of Host must also be set - this header takes a value of login.vyopta.com

 

mceclip0.png

The encoded payload contains the following key-value pairs 

  • grant_type which takes the value password
  • client_id, with value vyopta
  • username which is the vyopta user name
  • password - the vyotpa password

mceclip2.png

Upon successful authentication, a 200 response will be received with a JSON payload with the following schema

{
   "access_token": string,
   "expires_in": int,
   "refresh_expires_in": int,
   "refresh_token": string,
   "token_type": string,
   "not_before_policy: long,
   "session_state": string,
   "scope": string
}
access_token The token (beginning "eyJh") that can be used to access the API 
expires_in The period of time, in seconds, for which this token is valid (300)
refresh_expires_in The period of valid time for the refresh_token. NOT IMPLEMENTED
refresh_token A token to refresh the authentication. NOT IMPLEMENTED
token_type The authentication token type. Will have value of "bearer"
not_before_policy The start of signing key validity for the access_token
session_state Session information
scope The basis upon which the token was authenticated. Will have value of "email profile"

Once a token has expired, it is necessary to re-authenticate. Refreshing the session is not implemented. 

An example response (abbreviated) can be seen here:

{
    "access_token": "eyJhb ... -Pdl31W5g",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "ey J...-H5oAwI8",
    "token_type": "bearer",
    "not-before-policy": 1533920635,
    "session_state": "dad914da-2d68-4202-a98a-146da4033e1e",
    "scope": "email profile"
}

Using the Access Token:

To use the token, add a HTTP header with key Authorization and a value comprised of the word Bearer, a single space and then the token.

In Postman this can be achieved thus:

mceclip3.png

It is worth noting that it is the developers responsibility to ensure that the token is within its period of validity.

Was this article helpful?
0 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.