Authentication

The 1GLOBAL API adopts OAuth 2.0 with Client Credentials as its authentication mechanism, ensuring secure access to protected resources on behalf of a client application.

Although the same token can be used in multiple API calls, please be aware that these tokens have a limited duration so you need to include refresh logic in the client code, so that the token gets refreshed automatically without breaking your processing sequence.

Below is an explanation of how to obtain an access token using the Client Credentials flow, accompanied by examples.

Fetch an Access Token

1. Obtain your client credentials: Refer Getting Access

2. Request an Access Token: To request an access token from the authorization server, initiate an HTTP POST request to the token endpoint. Include the following parameters:

   • grant_type: Set to client_credentials.
   • token_url: authentication server endpoint.
   • client_id: Your organization's client ID.
   • client_secret: Your organization's client secret.

3. Receive the Access Token: Upon successful authentication, you receive an access token.

cURL Example

curl -X POST \
  https://your-auth-server.com/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret'

Postman Example

1. Create a new request.
2. In the Authorization tab, set type to OAuth 2.0.
3. Fill in the Configure New Token form with the following values:

• Grant Type: Client Credentials
• Access Token URL: https://api.1global.com/auth/realms/enterprise-apis/protocol/openid-connect/token
• Client ID: your_client_id
• Client secret: your_client_secret

4. Click Get New Access Token, a popup 'Authentication complete' appears.
5. In the Manage Access Tokens popup, select Use Token. Once you have a token value generated and added, it appears in the request headers.
6. Proceed with your request. The generated token is valid for 5 minutes.