Authentication
Discover how to authenticate to Transatel APIs
Before you begin it is assumed that you have a Transatel account with your client credentials.
Transatel Authentication
API is an implementation of the OAuth 2.0 standard which enables API clients to obtain a security token against a client_id
/client_secret
couple, which will grant them access to other Transatel APIs.
To discover more about OAuth2
please refer to this site .
Request
curl --location --request POST \ --header 'Authorization: Basic base64(<client_id>:<client_secret>)' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials' \ 'https://api.transatel.com/authentication/api/token'
Your credentials (
client_id
andclient_secret
) must be provided using a standardBasic HTTP
authentification header.
Meaning that your credentials must be concatenaded with a colon and encoded inBase64
.
Response
Successful response
HTTP/1.1 200 OKContent-Type: application/json;charset=UTF-8{ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJidXNpbmVzc19lbnRpdGllcyI6WyJBbnkiXSwicHJpbmNpcGFsIjoib2NzLXN1YnNjcmlwdGlvbi1vcmRlci1tYW5hZ2VyIiwic2NvcGUiOlsiQ0FUQUxPR19QUk9EVUNUU19SRUFEX1RFQ0hOSUNBTCIsIkNBVEFMT0dfUFJPRFVDVFNfUkVBRCIsIlVTRVJfUkVBRCIsIklOVkVOVE9SWV9TVUJTQ1JJUFRJT05TX1JFQUQiXSwiZXhwIjoxNjE3MjYwNTYxLCJhdXRob3JpdGllcyI6WyJST0xFX0lOVEVSTkFMX1NZU1RFTSJdLCJqdGkiOiJmOTYwNTFmNS05ZmQzLTQxMDEtYjNkZC0xZjY2Y2Q2MWUzZjIiLCJjbGllbnRfaWQiOiJvY3Mtc3Vic2NyaXB0aW9uLW9yZGVyLW1hbmFnZXIifQ.KBTlltd459_4kPV0O3OfsBTFGBtoqRxG65o_NohK1U7IuJAvIjAa8Fj4Qon1ptFrrTR5M2o8l0f9Dl0D7r0Us6Ej6OsVlFXfQKUiXwVytNUTP7POB6l56Svc5CaVqkXgFKyt7_8h6Ii6R_RteujtSzJSWX7zeLSeemxsxKNtHLLIS_HLyNdQyIsVCZWRfFhdPJVQId_p6B08_A54sAwhrT7qssSbtpG1nGzdqsHdFfaqJt9ABhPedatHNlwcWtCnFthrOrD2rv0Yf8OnRLnt-ZWtypr0cqm6U-brtZeBMhcxgzF4afKlJbKN3K3drPJRrRPjL8L9bf2YvzsDWxY5lA", "token_type": "bearer", "expires_in": 3600, "scope": "CATALOG_PRODUCTS_READ CATALOG_PRODUCTS_READ_TECHNICAL INVENTORY_SUBSCRIPTIONS_READ USER_READ"}
Unsuccessful responses
HTTP/1.1 400 Bad RequestContent-Type: application/json;charset=UTF-8Cache-Control: no-storePragma: no-cache{ "error":"invalid_request", "error_description": "Missing credentials"}
HTTP Code:401 UnauthorizedContent-Type: application/json;charset=UTF-8Cache-Control: no-storePragma: no-cache{ "error":"invalid_client", "error_description": "Client authentication failed"}
Response parameters
Name | header or payload | Type | Description |
---|---|---|---|
Content-Type | header | String | The response body will be in "application/json" |
access_token | payload | String | The access token issued by the our OAuth server |
token_type | payload | String | The type of the token issued |
expires_in | payload | Number | The lifetime of an access token in seconds |
Token lifecycle
An access_token
when retrieved is valid for a limited period of time, which is indicated in the response by the field expires_in
expressed in seconds.
All access_token
provided for our APIs are valid for 1 hour (3600 seconds).
This means that an access_token
only needs to be retrieved once it expires, and in the mean time the same access_token
should be reused for all your requests.
This is generally managed automatically by all the major OAuth2
capable libraries/frameworks.