OAuth 2.0 is an open authorization framework used by Bold Penguin for authentication. OAuth 2.0 allows applications to access user accounts on an HTTP service. It delegates user authentication to the service hosting the user account, which then allows the third-party application access to the user account.
Bold Penguin uses authentication tokens for all service requests, such as the Terminal API. These tokens are obtained using an OAuth 2 client_credentials grant request to the authentication endpoint for your terminal. The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.
Once you submit a unique client_id and client_secret through basic auth, you will receive an access_token that will be used as a bearer token for subsequent requests. Tokens are valid for 12 hours. Note the access_token as it will be used for authenticating future requests. This token must be present as an HTTP header in your application form create requests:
Authorization: Bearer <access_token>
Your Account Manager will provide you with unique ids and secrets for each environment.
The following is an example client credentials grant the service would receive.
POST /token HTTP/1.1
Host: authorization-server.com

grant_type=client_credentials
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
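The flow described above (credentials sent through basic auth, a 12-hour token reused as a bearer header) can be wrapped in a small client-side cache. This is an added example, not Bold Penguin code: the token URL is a placeholder, the class and function names are hypothetical, and the optional expires_in response field is the standard OAuth 2.0 one, assumed here with the page's 12 hours as the fallback.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.example.invalid/token"  # placeholder, not a real endpoint
TOKEN_LIFETIME = 12 * 60 * 60  # the page states tokens are valid for 12 hours


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build the client_credentials request with the credentials in HTTP Basic auth."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def fetch_token(request):
    """Send the request and return the parsed JSON token response."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hold one access token and replace it shortly before it expires."""

    def __init__(self, client_id, client_secret, fetch=fetch_token,
                 clock=time.monotonic, skew=300):
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        """Return the Authorization header, fetching a new token when needed."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._fetch(build_token_request(*self._creds))
            self._token = reply["access_token"]
            lifetime = reply.get("expires_in", TOKEN_LIFETIME)
            self._expires_at = self._clock() + lifetime
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return "TokenCache(<redacted>)"
```

Load the client_id and client_secret from the environment or a secrets manager rather than from source code, and keep a separate cache per environment since each has its own credentials.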