oauth
Authentication and Authorization
OAuth 2.0 is a protocol used to allow a user access to an API resource without having to expose their credentials.
To get access to the protected resources, OAuth 2.0 uses Access Tokens. An Access Token is a string representing the granted permissions.
Access Token Format
By default, OAuth generates Access Tokens, for API Authorization scenarios, in JSON Web Token (JWT) format. JWTs contain three parts: a header, a payload, and a signature:
The header contains metadata about the type of token and the cryptographic algorithms used to secure its contents.
The payload contains a set of claims, which are statements about the permissions that should be allowed, and other information like the intended audience and the expiration time.
The signature is used to validate that the token is trustworthy and has not been tampered with.
Using a Token
Step 1: Generate Token (Request)
Example:
curl --location --request POST 'https://api.aemo.com.au/oauth/v1/token?grant_type=client_credentials' --header 'Authorization: Basic aXdNT0V1R3gyVlJBWWswaFR4dmhJTjhvd2hXQ3hHSkg6SU1UNGdtSVpwWDFPVkE0bA=='
| Configuration Item | Description | Example |
| --- | --- | --- |
| URL | Generates Access token | https://api.aemo.com.au/oauth/v1/token?grant_type=client_credentials |
| Method | Method used to request token | POST |
| Parameter Name | Parameter Type | Description |
| --- | --- | --- |
| Authorization | header | Client ID and Client Secret (i.e. API Key and Secret) values as a Basic Authentication header. |
| grant_type | query string | The value should be client_credentials |
Some APIs use additional parameters in the token request. Review the individual API guides for details.
Step 2: Generated Token (Response)
Example:
{
  "transactionID": "890448741511466-c-gsy1-329-6131174-1",
  "acess_token": "iqdiIbWggxbQjBEoph5D0NRFzOSt",
  "access_token_expires_in": "3599"
}
| Parameter Name | Description | Example |
| --- | --- | --- |
| transactionID | Access Token Generated | 890448741511466-c-gsy1-329-6131174-1 |
| acess_token | Access Token Generated | iqdiIbWggxbQjBEoph5D0NRFzOSt |
| access_token_expires_in | Expiry of Access Token in seconds | 3599 |
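The two steps above as an added Python example (not code from the original page): it builds the Step 1 request, parses the Step 2 response, and reuses the token until shortly before it expires. The client ID and secret, the sample body, `TokenCache`, `fetch_live` and the 60-second margin are assumptions; the parser accepts the key as spelled in the sample response (`acess_token`) and also `access_token`, the name RFC 6749 defines.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.aemo.com.au/oauth/v1/token"  # URL from the page's table

def build_token_request(client_id, client_secret):
    """Build (without sending) the Step 1 POST request."""
    # Basic auth is reversible base64("id:secret"): keep the header out of logs.
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    query = urllib.parse.urlencode({"grant_type": "client_credentials"})
    return urllib.request.Request(f"{TOKEN_URL}?{query}", method="POST",
                                  headers={"Authorization": f"Basic {creds}"})

def parse_token_response(body, now):
    """Return (token, absolute expiry time) from the Step 2 JSON body."""
    doc = json.loads(body)
    # The page's sample spells the key "acess_token"; RFC 6749 uses "access_token".
    token = doc.get("access_token") or doc.get("acess_token")
    if not token:
        raise ValueError("token response carries no access token")
    return token, now + int(doc["access_token_expires_in"])  # value is a string

class TokenCache:
    """Hypothetical helper: reuse one token until `skew` seconds before expiry."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expiry = None, 0.0
    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expiry - self._skew:
            self._token, self._expiry = parse_token_response(self._fetch(), now)
        return self._token

def fetch_live(client_id, client_secret):
    """Send the request over the network (defined for completeness, not called here)."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

# Constructed sample body, shaped like the Step 2 response on the page.
SAMPLE_BODY = ('{"transactionID": "constructed-1", "acess_token": "constructed-token",'
               ' "access_token_expires_in": "3599"}')

if __name__ == "__main__":
    cache = TokenCache(lambda: SAMPLE_BODY)
    print(cache.get())
```

For live use, pass `lambda: fetch_live(client_id, client_secret)` as `fetch`, with the credentials read from a secret store rather than written into the script.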