Terminal Authentication

Overview

OAuth 2.0 is an open authorization framework used by Bold Penguin for authentication. OAuth 2.0 allows applications to access user accounts on an HTTP service. It delegates user authentication to the service hosting the user account, which then allows the third party application access to the user account.

Bold Penguin uses authentication tokens for all service requests, such as the Quote Start API. These tokens are obtained using an OAuth 2 client_credentials grant request to the authentication endpoint for your terminal. The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.

You submit your unique Client ID and Client Secret and receive an access_token that will be used as a bearer token for subsequent requests. Tokens are valid for 12 hours. You can re-use The access_token for authenticating future requests. This token must be present as an authorization header:

Authorization: Bearer <access_token>

Your Account Manager will provide you with unique ids and secrets for each environment.

Example

The following is an example client credentials grant the service would receive.

POST /token HTTP/1.1
Host: authorization-server.com

grant_type=client_credentials
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx