In this article, we'll cover how you can generate an OAuth 2 token and how long you can use it. Once you receive the token you'll be able to use all of our publicly exposed endpoints - please find our article on the API here .
Note: The OAuth2 tokens generated by OfficeRnD by default will expire in 3599 seconds which is approximately 1 hour. You would need to request a new token only after the old token expires.
The first step would be to add an "Application".
You can do that by going to Settings/Developer Tools. On this page, you'll be able to see a list of all the applications that have been created.
When you're creating an application you can specify a "Name", "Description", an "Image"(if you decide to upload an image for easier differentiation between the applications) and "Permissions".
The "Permissions" are the most important part of the creation as they determine whether you'll be able to use the application to "Read", "Write" or both.
Once you create the application you'll have three buttons next to it - "Configure", "View" and "Delete".
"Configure" allows you to change the earlier parameters that you entered.
"View" is very important as it gives you the "Client ID" and "Client secret" as there are the two properties that you need in order to create the OAuth 2 token.
With the "Delete" button you can delete the application which will revoke the access of all tokens generated with the "Client ID" and "Client secret" of the application.
Now that you have you "Client ID" and "Client secret" you can make a call to our API in order to generate the token.
The URL that you need to call in order to generate the token is:
The method that you need to use in order to generate the token is POST.
The content-type header must be set to application/x-www-form-urlencoded.
The body needs to contain the following fields:
- client_id - taken from the OfficeRND application you just created.
- client_secret- taken from the OfficeRND application you just created.
- grant_type - currently we only support "client_credentials" so the value is always going to be the same.
- scope - here you can specify whether you'd like the token to have permissions to read, write or both, concatenated into a single string divided by a blank space e.g. "officernd.api.read officernd.api.write".
Note: Please note that this will take into account the permission that you've specified for the application itself. For example, if the application has only "Read" permissions you can't generate a token with "Write" permissions, as you will see an error.
If you're using Postman, please see below:
After sending the POST request you'll be able to see your token in the response body.
The property "expires_in" specifies the time in seconds for which you can use the token. All tokens are valid for 3600 seconds, i.e 1 hour.
"scope": "officernd.api.read officernd.api.write"
After you've generated the token, you can use it as authorization when invoking the different API endpoints.