Authentication is via the API using the OAuth 2.0 Client Credentials Grant flow. The following sample requests demonstrate the flow of obtaining and using an access token.
Request an access token (pass your client identifier and secret in the authorization header or request body as described in the OAuth specification):
POST /token HTTP/1.1
Host:
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentialsAccess token response:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"bearer",
"expires_in":3600
}Use the access token to make requests:
POST /payslips HTTP/1.1
Host:
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
Content-Type: application/json
{ /* Request body as detailed in POST /payslips model above */ }