Authentication

Discover how to authenticate to Transatel APIs


Before you begin, it is assumed that you have a Transatel account with your client credentials.

The Transatel Authentication API implements the OAuth 2.0 standard. API clients exchange a client_id/client_secret pair for a security token, which grants them access to the other Transatel APIs.

To learn more about OAuth2, please refer to this site.

Request

retrieve access token
curl --location --request POST \
--header 'Authorization: Basic base64(<client_id>:<client_secret>)' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials' \
'https://api.transatel.com/authentication/api/token'

Your credentials (client_id and client_secret) must be provided using a standard Basic HTTP authentication header.
This means that your credentials must be concatenated with a colon and encoded in Base64.

Response

Successful response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJidXNpbmVzc19lbnRpdGllcyI6WyJBbnkiXSwicHJpbmNpcGFsIjoib2NzLXN1YnNjcmlwdGlvbi1vcmRlci1tYW5hZ2VyIiwic2NvcGUiOlsiQ0FUQUxPR19QUk9EVUNUU19SRUFEX1RFQ0hOSUNBTCIsIkNBVEFMT0dfUFJPRFVDVFNfUkVBRCIsIlVTRVJfUkVBRCIsIklOVkVOVE9SWV9TVUJTQ1JJUFRJT05TX1JFQUQiXSwiZXhwIjoxNjE3MjYwNTYxLCJhdXRob3JpdGllcyI6WyJST0xFX0lOVEVSTkFMX1NZU1RFTSJdLCJqdGkiOiJmOTYwNTFmNS05ZmQzLTQxMDEtYjNkZC0xZjY2Y2Q2MWUzZjIiLCJjbGllbnRfaWQiOiJvY3Mtc3Vic2NyaXB0aW9uLW9yZGVyLW1hbmFnZXIifQ.KBTlltd459_4kPV0O3OfsBTFGBtoqRxG65o_NohK1U7IuJAvIjAa8Fj4Qon1ptFrrTR5M2o8l0f9Dl0D7r0Us6Ej6OsVlFXfQKUiXwVytNUTP7POB6l56Svc5CaVqkXgFKyt7_8h6Ii6R_RteujtSzJSWX7zeLSeemxsxKNtHLLIS_HLyNdQyIsVCZWRfFhdPJVQId_p6B08_A54sAwhrT7qssSbtpG1nGzdqsHdFfaqJt9ABhPedatHNlwcWtCnFthrOrD2rv0Yf8OnRLnt-ZWtypr0cqm6U-brtZeBMhcxgzF4afKlJbKN3K3drPJRrRPjL8L9bf2YvzsDWxY5lA",
"token_type": "bearer",
"expires_in": 3600,
"scope": "CATALOG_PRODUCTS_READ CATALOG_PRODUCTS_READ_TECHNICAL INVENTORY_SUBSCRIPTIONS_READ USER_READ"
}

Unsuccessful responses

Bad request
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error":"invalid_request",
"error_description": "Missing credentials"
}

Unauthorized
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error":"invalid_client",
"error_description": "Client authentication failed"
}

Response parameters

| Name | Header or payload | Type | Description |
|---|---|---|---|
| Content-Type | header | String | The response body will be in "application/json" |
| access_token | payload | String | The access token issued by our OAuth server |
| token_type | payload | String | The type of the token issued |
| expires_in | payload | Number | The lifetime of an access token in seconds |

Token lifecycle

An access_token is valid for a limited period of time after it is retrieved; the expires_in field of the response gives that period in seconds.
All access_tokens provided for our APIs are valid for 1 hour (3600 seconds).

This means that a new access_token only needs to be retrieved once the current one expires; in the meantime, the same access_token should be reused for all your requests.

This is generally managed automatically by all the major OAuth2 capable libraries/frameworks.
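
The reuse rule above, sketched as an added example (not Transatel's code): a small cache that requests a token with the Basic header described under Request and fetches a new one only when expires_in is about to elapse. TokenCache, http_fetch, basic_header and the 60-second margin are hypothetical names and values chosen for this example.

```python
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.transatel.com/authentication/api/token"  # from the page


def basic_header(client_id, client_secret):
    """client_id:client_secret, Base64-encoded, as the Basic scheme requires."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_fetch(client_id, client_secret):
    """POST grant_type=client_credentials; returns (status, parsed JSON body)."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": basic_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 400 / 401 carry a JSON error body
        return err.code, json.load(err)


class TokenCache:
    """Hypothetical helper: reuses one access_token until just before it expires."""

    def __init__(self, client_id, client_secret, fetch=http_fetch,
                 clock=time.monotonic, margin=60):  # margin: assumed safety window (s)
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._deadline = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._deadline:
            status, body = self._fetch(*self._creds)
            if status != 200:
                # Surface only the OAuth error code, never the credentials.
                raise PermissionError(body.get("error", "unknown_error"))
            self._token = body["access_token"]
            self._deadline = self._clock() + body["expires_in"] - self._margin
        return self._token
```

Passing a stub as fetch and a fake clock lets the refresh behaviour be checked without network access or real credentials.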