Authentication
OAuth2
Iopole APIs use the OAuth 2.0 protocol with the client_credentials flow to authenticate clients and restrict access to the solution.
This protocol requires you to request a token before using our APIs.
Parameter | Value | Mandatory | Description |
---|---|---|---|
client_id | The Client ID | yes | The ID of the requesting client |
client_secret | The client secret | yes | The secret of the client |
grant_type | client_credentials | yes | Tells the token endpoint to perform the Client Credentials flow. |
scope | Space separated string of scopes | no | List the scopes the client is requesting access to. |
RFC Documentation
Parameter: https://www.rfc-editor.org/rfc/rfc6749#section-4.4
Response: https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3
Information
The Client credentials flow allows you to obtain a token for a duration of 10 minutes, after which you will need to request a new one.
Example request for obtaining a token:
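JavaScript:
```javascript
const got = require('got');

async function getToken() {
  // POST the client credentials as a form-encoded body to the token endpoint
  const token = await got.post('https://auth.ppd.iopole.fr//realms/iopole/protocol/openid-connect/token', {
    form: {
      grant_type: 'client_credentials',
      client_id: 'clientId',
      client_secret: 'clientSecret'
    },
    headers: {
      'Content-type': 'application/x-www-form-urlencoded'
    }
  }).json();
  return token; // parsed JSON response; the token itself is in token.access_token
}
```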
.NET:
```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

class Program
{
    static async Task Main(string[] args)
    {
        string url = "https://auth.ppd.iopole.fr//realms/iopole/protocol/openid-connect/token";
        // FormUrlEncodedContent sets Content-Type: application/x-www-form-urlencoded on the request body
        var payload = new FormUrlEncodedContent(new[]
        {
            new KeyValuePair<string, string>("grant_type", "client_credentials"),
            new KeyValuePair<string, string>("client_id", "clientId"),
            new KeyValuePair<string, string>("client_secret", "clientSecret")
        });
        using (HttpClient client = new HttpClient())
        {
            // The token response is JSON, so that is what the Accept header asks for
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            HttpResponseMessage response = await client.PostAsync(url, payload);
            if (response.IsSuccessStatusCode)
            {
                string responseString = await response.Content.ReadAsStringAsync();
                JObject jsonResponse = JObject.Parse(responseString);
                string token = jsonResponse["access_token"].ToString();
                Console.WriteLine(token);
            }
            else
            {
                Console.WriteLine("Error: " + response.StatusCode);
            }
        }
    }
}
```
Restricted access
Some Iopole APIs are restricted to certain roles.
There are two main roles: administrator (admin) and user.
- The administrator role gives permission to manage the customization of Iopole. For example, it allows you to add a webhook or add a new participant.
- The user role allows you to send an invoice, send a status, or look into the directory.
Danger
Security Notice - Client Secret Management
The client secret provided for the OAuth2 Client Credentials flow must be stored securely. If you believe the client secret has been compromised, or if there is a suspicion that it might be, please contact our team immediately to request a rotation. Ensure the client secret is never exposed in logs, code, or unsecured locations.
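The 10-minute token lifetime and the secret-handling notice above can be handled together by a small token provider. The following is an added example, not Iopole's code: it caches the token, renews it shortly before expiry, shares one request between concurrent callers, and takes the secret from the caller so it never sits in source. The `createTokenProvider` name, its `fetchImpl`, `now` and `skewMs` parameters and the environment variable names are assumptions; `expires_in` is the standard response field from RFC 6749.

```javascript
// Added example, not Iopole's code. Token endpoint URL as given on this page.
const TOKEN_URL = 'https://auth.ppd.iopole.fr//realms/iopole/protocol/openid-connect/token';

// fetchImpl, now and skewMs are hypothetical parameters (injectable for tests).
function createTokenProvider({ clientId, clientSecret, fetchImpl = globalThis.fetch, now = Date.now, skewMs = 30000 }) {
  if (!clientId || !clientSecret) throw new Error('client_id and client_secret are required');
  let cached = null;   // { token, expiresAt } of the last token obtained
  let inflight = null; // pending request, shared by concurrent callers

  async function requestToken() {
    const res = await fetchImpl(TOKEN_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
      body: new URLSearchParams({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
      }).toString(),
    });
    // Report only the status code: never echo the request body (it holds the secret).
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const json = await res.json();
    if (typeof json.access_token !== 'string') throw new Error('token response has no access_token');
    // expires_in is in seconds (RFC 6749); fall back to the 10 minutes stated on this page.
    const lifetimeMs = (Number(json.expires_in) || 600) * 1000;
    cached = { token: json.access_token, expiresAt: now() + lifetimeMs };
    return cached.token;
  }

  // Returns the cached token while it is fresh, otherwise requests a new one.
  return async function getToken() {
    if (cached && now() < cached.expiresAt - skewMs) return cached.token;
    if (!inflight) inflight = requestToken().finally(() => { inflight = null; });
    return inflight;
  };
}

// Usage: read the credentials from the environment (variable names are assumptions).
// const getToken = createTokenProvider({
//   clientId: process.env.IOPOLE_CLIENT_ID,
//   clientSecret: process.env.IOPOLE_CLIENT_SECRET,
// });
```

Because a failed request clears the pending promise, the next call to `getToken()` retries instead of reusing the failure.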