Authentication oAuth2

We have several public APIs to obtain a token for API authentication, one of them is a Authentication OAuth2 API that will let you to obtain a token to use the others API's .

ENVIRONMENT ENDPOINTS#

OAuth2: Distribution API (Legacy way)#

Basically we have to do request to the url's OAuth including headers with our credentials that ONEBOX provides. We explain the process on pre-production environment.

  • The Url where to do the request is https://oauth2-pre.oneboxtickets.net/oauth/token

  • Next, we are going to prepare the required headers.

    • Content-Type: application/x-www-form-urlencoded
    • Accept: application/json
    • Authorization: Basic Y2hhbm5lbC1pbnRlZ3JhdGlvbi1jbGllbnQ6MG4zQjB4 (api key)
  • Finally, we indicate the request parameters to obtain the authoritation's token:

    • grant_type: password (literal value)
    • username: provided_user
    • password: provided_password (coded in md5)
    • channelId: provided_channel_id
    • terminal: provided_terminal_id
    • posId: provided_point_of_sale_id
    • terminalLicense: generated_terminal_license
    • psw_md5: true (boolean value)

For example with curl:

curl -X POST https://oauth2.oneboxtds.com/oauth/token \
-H 'Accept: application/json' \
-H 'Authorization: Basic Y2hhbm5lbC1pbnRlZ3JhdGlvbi1jbGllbnQ6MG4zQjB4' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=password&username=int_hello@40oneboxtm.com&password=0eb0g8a6fbcc456f246xd43476792845&channelId=9589&terminal=int_hello_onebox&posId=382&terminalLicense=R7H8-TD5W-9679-EF52&psw_md5=true'

If all it's correct, OAuth returns a structure as this:

{
"access_token": "xxxxxxxxxxxxxxxxx",
"token_type": "bearer",
"refresh_token": "xxxxxxxxxxxxxxx",
"expires_in": 43199,
"scope": "api-channels-all api-gateway",
"authInfo": "xxxxxxxxxxxxxx",
"jti": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
access_token is our token with a limit of 12 hours of expire. Congralutions!.

OAuth2: Distribution API with new the API-KEY authentication#

Now with the new API-KEY authentication system you can get the Oauth token more easily

  • The Url where to do the request is https://oauth2-pre.oneboxtickets.net/oauth/token

  • Next, we are going to prepare the required headers.

    • Content-Type: application/x-www-form-urlencoded
  • Finally, we indicate the request parameters to obtain the authoritation's token:

    • grant_type: client_credentials
    • channel_id: [channel_id_provided]
    • client_id: seller-channel-client
    • client_secret: [api_key_provided]

For example with curl:

curl --location --request POST 'https://oauth2.oneboxtds.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'channel_id=123' \
--data-urlencode 'client_id=seller-channel-client' \
--data-urlencode 'client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

If all it's correct, OAuth returns a structure as this:

{
"access_token": "xxxxxxxxxxxxxxxxx",
"token_type": "bearer",
"refresh_token": "xxxxxxxxxxxxxxx",
"expires_in": 43199,
"scope": "api-channels-all api-gateway",
"authInfo": "xxxxxxxxxxxxxx",
"jti": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
access_token is our token with a limit of 12 hours of expire. Congralutions!.