OAuth Authorization

overview the oauth system allows for vendors to set up separate credentials for their company, customer accounts, customers or individual licenses each entity has a client id and client secret (which can be set to rotate automatically) these are used to obtain an access token from the oauth endpoint, to be used for access to license api endpoints (as an alternative to api key authorization docid\ lnlwu0yzltc1fnos9voqj ) vendors can enforce a company wide mandatory oauth rule instead of api keys obtaining an access token access tokens are short lived secret strings used to authorize a client request on the api to obtain an access token from the oauth system, perform the following request once the access token is retrieved, it is used as an authentication bearer value in license api requests the expires in property in the response states the access token's ttl in seconds from the moment the token was generated required headers each client request must include the following headers date current time given as a date string in rfc7231 format note that this value is always in the gmt timezone example date tue, 07 jun 2014 20 51 35 gmt authorization this header contains the access token examples authorization bearer token string here ensure that the date header value is set to current time the server allows timestamps that are up to 15 minutes old client access permissions client id secret pairs can be scoped for the following resources company provides access to all licenses belonging to the company customer account provides access to all licenses associated to a customer account customer provides access to all licenses associated to an individual customer license provides access to one specific license each client id string states the type of scope used, e g auth company 100123 , auth customeraccount 200234 , auth customer 300345 , auth license 1000456 errors in endpoints when calling a license api endpoint using the access token authorization, the system will return an error response if the access token is not valid all returned errors have an http status code of 400 or higher, and a response body as follows { status number, code string, message string } json schema { "$schema" "https //json schema org/draft/2020 12/schema", "type" "object", "properties" { "status" { "type" "number" }, "code" { "type" "string" }, "message" { "type" "string" } }, "required" \[ "status", "code", "message" ], "additionalproperties" false } the following errors related to access tokens can be returned oauth token malformed (400) oauth token expired (400) in case oauth is enforced company wide and a request is being sent using an api key oauth required (400)