Authenticate
Description
Bold Penguin supports OAuth2 using client credentials type grant requests. Most service requests to the Bold Penguin API must be authorized using ephemeral access tokens from the authentication service. The static tokens used for dispositioning requests are the only exception.
Access tokens are valid for 12 hours.
Prerequisites
Your account manager will provide you with a unique Client ID and Client Secret per Bold Penguin environment.
Endpoint
Staging
https://boldpenguin-auth-uat.beta.boldpenguin.com/auth/token?grant_type=client_credentials
Production
https://boldpenguin-auth.boldpenguin.com/auth/token?grant_type=client_credentials
Authentication
You submit an OAuth2 client credentials grant and receive an access_token in response. This is your bearer token for subsequent API requests.
You must submit your credentials as a basic
authentication
header. Combine your Client ID and Client Secret separated by a colon,
(client_id:client_secret), then apply Base64
encoding.
Add the basic authentication header to your request:
authorization: Basic XXxxb2VmOTdBTkxjN1pHZHNDQ0ZXazFyTjZZWWc1c0o6TXFSTVJSVzdRUGdXdllXYTRva2XxxXF2MXBkM1hhYkRmUFRkQkdFa1pQR2p2Y0pObUttd29kNGd3ZExGS3lDbx==
Methods
POST
Request Syntax
POST /auth/token?grant_type=client_credentials
authorization: Basic <base64-credentials>
Request Parameters
Query String Parameters
- grant_type
- Must be
client_credentials - Type: String
- Required: Yes
- Must be
Headers
- authorization: Basic
<base64-credentials>- See Authentication section above
- Required: Yes
Response Syntax
{
"access_token": <string>,
"token_type": "bearer",
"expires_in": <integer>,
"refresh_token": <string>,
"scope": <empty string>,
"uid": <string>,
"info": {
"name": <string>,
"email": null,
"first_name": <string>,
"last_name": <string>
}
Response Elements
- access_token
- The bearer token to provide for subsequent API requests
- Type: String
- token_type
- Type: String
- This will always be
bearer
- expires_in
- Expiration for this token is 12 hours set in seconds (43200)
- Type: Integer
- refresh_token
- Refresh tokens are not currently enabled
- Type: String
- scope
- Access scope for this token (currently an empty string)
- uid
- Unique ID for this token
- Type: String
- info
- Service client details for your account(often "Tenant Integrations Service Client")
- Type: JSON
Status Codes
- 200 Success
- 401 Unauthorized (verify client credentials and authorization header)
Examples
Example Request
curl --request POST \
--url 'https://boldpenguin-auth-uat.beta.boldpenguin.com/auth/token?grant_type=client_credentials' \
--header 'authorization: Basic XXxxb2VmOTdBTkxjN1pHZHNDQ0ZXazFyTjZZWWc1c0o6TXFSTVJSVzdRUGdXdllXYTRva2XxxXF2MXBkM1hhYkRmUFRkQkdFa1pQR2p2Y0pObUttd29kNGd3ZExGS3lDbx==' \
Example Response
{
"access_token": "7UkvNeAabPduAvyvu4XEqSCC",
"token_type": "bearer",
"expires_in": 43200,
"refresh_token": "wYwtq6NGie5paAR2XHK6uF1f",
"scope": "",
"uid": "f00718ea-3c64-45f1-99de-2ac34cea139a",
"info": {
"name": "Tenant Integrations Service Client",
"email": null,
"first_name": "Tenant Integrations",
"last_name": "Service Client"
},
"extra": {
"raw_info": {
"user_id": "8de85azr-ec20-4f2c-b8b4-0ae3c067c73b",
"tenant_id": "8823a91f-54f9-4866-aec7-67a5f1062be1",
"tenant_name": "Chuck's Agency",
"primary_user_group_id": "a621af94-f454-4ffc-b56c-08971630b622",
"user_group_ids": [
"a621af94-f454-4ffc-b56c-08971630b622"
],
"name": "Tenant Integrations Service Client",
"email": null,
"first_name": "Tenant Integrations",
"last_name": "Service Client",
"permissions": [
"Owner:8de85azr-ec20-4f2c-b8b4-0ae3c067c73b:tenants/lent_application_forms:create",
"Owner:8de85azr-ec20-4f2c-b8b4-0ae3c067c73b:exchange_application_forms:create",
"Owner:8de85azr-ec20-4f2c-b8b4-0ae3c067c73b:tenants/application_forms:create",
"Tenant:8823a91f-54f9-4866-aec7-67a5f1062be1:tenants/application_forms/clones:create"
],
"auth_uid": null,
"completed_steps": []
}
}
}