Authenticate
Description
Bold Penguin supports OAuth2 using client credentials type grant requests. Service requests to the Bold Penguin API must be authorized using an access tokens from the authentication service.
The static tokens used for dispositioning requests are the only exception.
Access tokens are valid for 12 hours.
Prerequisites
Your account manager will provide you with a unique Client ID and Client Secret per Bold Penguin environment.
Endpoint
Staging
https://boldpenguin-auth-uat.beta.boldpenguin.com/auth/token
Production
https://boldpenguin-auth.boldpenguin.com/auth/token
Authentication
You submit an OAuth2 client credentials grant and receive an access_token in
response.
This is your bearer token for subsequent API requests.
Methods
POST
Request Syntax
curl https://boldpenguin-auth.boldpenguin.com/auth/token \
-F grant_type=client_credentials \
-F client_id=<client_id> \
-F client_secret=<client_secret>
Request Parameters
Form Data
grant_type
- Must be
client_credentials - Type: String
- Required: Yes
- Must be
client_id
- Must be your unique
client_idprovided to you by Bold Penguin - Type: String
- Required: Yes
- Must be your unique
client_secret
- Must be your unique
client_secretprovided to you by Bold Penguin - Type: String
- Required: Yes
- Must be your unique
Response Syntax
{
"access_token": <string>,
"token_type": "bearer",
"expires_in": <integer>,
"refresh_token": <string>,
"scope": <empty string>,
"uid": <string>,
"info": {
"name": <string>,
"email": null,
"first_name": <string>,
"last_name": <string>,
...
}
Response Elements
- access_token
- The bearer token to provide for subsequent API requests
- Type: String
- token_type
- Type: String
- This will always be
bearer
- expires_in
- Expiration for this token is 12 hours set in seconds (43200)
- Type: Integer
- refresh_token
- Refresh tokens are not currently enabled
- Type: String
- scope
- Access scope for this token (currently an empty string)
- uid
- Unique ID for this token
- Type: String
- info
- Service client details for your account(often "Tenant Integrations Service Client")
- Type: JSON
Status Codes
- 200 Success
- 401 Unauthorized (verify client credentials and authorization header)
Examples
Example Request
curl https://boldpenguin-auth.boldpenguin.com/auth/token \
-F grant_type=client_credentials \
-F client_id=12345abcde \
-F client_secret=<67890fghij
Example Response
{
"access_token": "7UkvNeAabPduAvyvu4XEqSCC",
"token_type": "bearer",
"expires_in": 43200,
"refresh_token": "wYwtq6NGie5paAR2XHK6uF1f",
"scope": "",
"uid": "f00718ea-3c64-45f1-99de-2ac34cea139a",
"info": {
"name": "Tenant Integrations Service Client",
"email": null,
"first_name": "Tenant Integrations",
"last_name": "Service Client"
},
"extra": {
"raw_info": {
"user_id": "8de85azr-ec20-4f2c-b8b4-0ae3c067c73b",
"tenant_id": "8823a91f-54f9-4866-aec7-67a5f1062be1",
"tenant_name": "My Agency",
"primary_user_group_id": "a621af94-f454-4ffc-b56c-08971630b622",
"user_group_ids": [
"a621af94-f454-4ffc-b56c-08971630b622"
],
"name": "Tenant Integrations Service Client",
"email": null,
"first_name": "Tenant Integrations",
"last_name": "Service Client",
"permissions": [
"Owner:8de85azr-ec20-4f2c-b8b4-0ae3c067c73b:tenants/lent_application_forms:create",
"Owner:8de85azr-ec20-4f2c-b8b4-0ae3c067c73b:exchange_application_forms:create",
"Owner:8de85azr-ec20-4f2c-b8b4-0ae3c067c73b:tenants/application_forms:create",
"Tenant:8823a91f-54f9-4866-aec7-67a5f1062be1:tenants/application_forms/clones:create"
],
"auth_uid": null,
"completed_steps": []
}
}
}