Here are the steps you need to follow to authorize your requests to the API:
- Get an API client ID, and client secret. This should be provided by your organization administrator.
- Make a
POST
request tohttps://garmat-gdx.us.auth0.com/oauth/token
endpoint including your client id, client secret, audience, and grant types in the body as shown in the example. - If the request is successful, it should return a JSON response containing
{"access_token": YOUR_ACCESS_TOKEN}
- For requests to the API, include an
Authorization
header that only contains the wordbearer
and your token, like:Bearer YOUR_ACCESS_TOKEN
- That should allow you to hit any of the available endpoints as shown in the final example to the right.
As a preventive measure, if you're building a client to consume the GDX API, avoid modifying your TLS-initiating application to only trust Starfield C2 as it will no longer be included in certificates generated by ACM, which we use. For more information about this, read this article
Example body for POST https://garmat-gdx.us.auth0.com/oauth/token
:
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"audience": "https://production-api.garmatsprayboothcustomers.com",
"grant_type": "client_credentials"
}
Example response:
{
"access_token": "JWT token",
"token_type": "Bearer"
}
Subsequent request example:
$ curl \
-X GET https://production-api.garmatsprayboothcustomers.com/booths \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \