Authentication Basics

Before you can use any service you need a valid token, which you obtain by authenticating. The Enreach API uses OAuth 2.0. The token must then be provided with every API call.

The authentication flows supported at the moment are:

The flow below shows how to authenticate and collect the information, such as the account id, required to interact with the Enreach API.

Sequence of authentication and profile reading

sequenceDiagram
    Actor->>Authentication API: Request authentication
    Note right of Authentication API: See "Example of authentication flows" below
    Authentication API-->>Actor: Authenticated!
    Actor->>Authentication API: GET profile
    Note right of Authentication API: See "Example of collecting profile of authenticated user" below
    Authentication API-->>Actor: OK!

Let's look into code examples of the supported authentication flows.

To authenticate to the Enreach API, a client_id and client_secret are required. Please ask your contact person for this information.

Examples

client_credentials authentication flow

sequenceDiagram
    Actor->>Authentication API: Request authentication
    Authentication API-->>Actor: Authenticated!

POST oauth/token

Request Headers:
content-type:"application/x-www-form-urlencoded"
host:"api.host.url"

Request Body:
grant_type:"client_credentials"
scope:""
client_id:"your client id"
client_secret:"your client secret"

Response Body:
{
    "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "token_type":"bearer"
}

authorization_code authentication flow

sequenceDiagram
    Actor->>Authentication API: Request authorization code
    Authentication API-->>Actor: Redirect to authorization prompt
    Note right of Authentication API: User name and password will be asked
    Actor->>Authentication API: Authenticate
    Authentication API-->>Actor: Authorization code
    Actor->>Authentication API: Request access token
    Note right of Authentication API: Validate authorization code, client id and client secret
    Authentication API-->>Actor: Access Token
    Note right of Authentication API: Use Access Token

POST oauth/authorize?response_type=code&client_id=your_client_id&redirect_uri=your_redirect_uri

Request Headers:
content-type:"application/x-www-form-urlencoded"
host:"api.host.url"

Request Body:
username:"your username"
password:"your password"

POST oauth/token

Request Headers:
content-type:"application/x-www-form-urlencoded"
host:"api.host.url"

Request Body:
grant_type=authorization_code
code=your_authorization_code_from_previous_response
client_id=your_client_id
client_secret=your_client_secret
redirect_uri=your_redirect_uri

Response Body:

{
    "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "token_type":"bearer"
}

The access_token should be sent in the Authorization header of each subsequent request. See an example in "Example of collecting profile of authenticated user" below.

Collecting profile of authenticated user

Once the authentication is successful, another request should be executed to get the profile of the API client.

GET v1/profile

Request Headers:
authorization:"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
host:"api.host.url"

Response Body:
{
    "account_id": "cd14708b-cecf-4b2e-a207-1721ff46f8c1",
    "user_id": "245c73c8-9a11-499a-ae7d-f82b4c38ed7d",
    "user_name": "your_display_name", 
    "web_login_name": "your_email"
}

Here, account_id is the UUID of the parent account of the logged-in user; it is used in later references as the Wholesaler UUID. The user_name is the display name described here
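The client_credentials token request and the profile request above, as an added Python example (not Enreach's own code). It builds both requests with the standard library, refuses a non-HTTPS base URL so the client_secret and token never travel in clear text, and validates the token response. The function names are hypothetical, and api.host.url is the page's placeholder host.

```python
import json
import urllib.parse
import urllib.request

API_BASE = "https://api.host.url"  # placeholder host from this page


def _url(path, base):
    # client_secret and tokens must only travel over TLS.
    if urllib.parse.urlsplit(base).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return base.rstrip("/") + "/" + path


def build_token_request(client_id, client_secret, base=API_BASE):
    """POST oauth/token, client_credentials grant, form-encoded body."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": "",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        _url("oauth/token", base), data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw):
    """Return access_token; reject anything that is not a bearer token."""
    doc = json.loads(raw)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return token


def build_profile_request(access_token, base=API_BASE):
    """GET v1/profile with the token in the Authorization header."""
    return urllib.request.Request(
        _url("v1/profile", base), method="GET",
        headers={"Authorization": "Bearer " + access_token})


def redact(token):
    # Form that is safe to log: never write the full token.
    return token[:6] + "..." if len(token) > 6 else "***"
```

Send either request with urllib.request.urlopen(req), and load the client_secret from a secret store or environment variable rather than from source code.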