OAuth 2.0 is an open authorization framework used by Bold Penguin for authentication. OAuth 2.0 allows applications to access user accounts on an HTTP service. It delegates user authentication to the service hosting the user account, which then allows the third party application access to the user account.
Bold Penguin uses authentication tokens for all service requests, such as the Application Start API. These tokens are obtained using an OAuth 2 client_credentials grant request to the authentication endpoint for your terminal. The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.
You submit your unique Client ID and Client Secret and receive an access_token
that will be used as a bearer token for subsequent requests. Tokens are valid
for 12 hours. You can re-use The
access_token for authenticating future
requests. This token must be present as an authorization header:
Authorization: Bearer <access_token>
Your Account Manager will provide you with unique ids and secrets for each environment.
The following is an example client credentials grant the service would receive.
POST /token HTTP/1.1 Host: authorization-server.com grant_type=client_credentials &client_id=xxxxxxxxxx &client_secret=xxxxxxxxxx