Getting and Managing OAuth Tokens for Third Party API Integrations

  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
In this article we explain how to get and manage OAuth Token from the VOS Developer APIs. These tokens can be use by 3rd party application to integrate advanced functionality like I-Frames from the VOS UI.

1. Registering a new Application

Use VOS Developer REST APIs,and Expand "Client Apps": 



You will see these calls, click "Post":



In the expanded area click "ModelSchema" to fill in the "redirect_uri" for your application, and then click "Try it out" to perform the action:




After successful POST in the response body, you will see (actual values will be different):




The fields client_id, client_secret and redirect_uri will be used later for authentication.

Please be sure to save the client_secret, because it is not possible to retrieve it later. If you lose it you will need to register a new application, remember to delete your old client_id.

Now you have successfully registered new application.



2. Obtain Access Token

  • Open your favorite http-client.
  • Insert actual values you received when registering your application and perform GET request on
server_address/oauth/authorize?client_id=client_id_value&response_type=code&redirect_uri=redirect_uri_value
For Example

  • The response should be a URL redirect (response code-302 Found) with the Location header set to:
Location:localhost:8086/oauth/string?code=f7ZPOY
  • You should retrieve code query-param, which in our case is code=f7ZPOY Using code parameter, you will perform POST request with headers set:
POSTserver_address/oauth/tokenHTTP/1.1
Authorization:Basicbase64encode(client_id:client_secret)
Content-Type:application/x-www-form-urlencoded
  • Where base64encode is Base64 encoding of client_id:client_secret you can use online service to encode. In our example it is:
base64encode(client_id:client_secret)=base64encode(0d3de095-c991-48a1-8111-ad12a81e6b6d:a437cca6e49e367d08a6d6c13a01c0b7)=MGQzZGUwOTUtYzk5MS00OGExLTgxMTEtYWQxMmE4MWU2YjZkOmE0MzdjY2E2ZTQ5ZTM2N2QwOGE2ZDZjMTNhMDFjMGI3
  • Fill in the body of POST request using your code and redirect_uri values:
code=f7ZPOY&redirect_uri=string&grant_type=authorization_code
  • The overall setting should look like this:



  • The request should return JASON response:
"access_token":"a5c46ee5-23c6-4e01-a63a-3c89527fa4c7",
"token_type":"bearer",
"refresh_token":"b1ff8219-bd46-4754-abf7-6ebe070f5a7a",
"expires_in":43199,
"scope":"trust" 
  • Now you can access to protected resources with access_token you have just got using HTTPHeader:
Authorization:Bearer a5c46ee5-23c6-4e01-a63a-3c89527fa4c7

Enjoy...
Photo of Moore

Moore, Product Architect

  • 400 Points 250 badge 2x thumb

Posted 2 years ago

  • 1

Be the first to post a reply!