Skip to main content

Authentication OAuth2

We have several public APIs to obtain a token for API authentication, one of them is a Authentication OAuth2 API that will let you to obtain a token to use the others API's .

ENVIRONMENT ENDPOINTS#

OAuth2: How to obtain the Distribution API and API Catalog access token for a sales channel#

With the new API-KEY authentication system you can get the Oauth token for a sales channel more easily

  • The Url where to do the request is https://oauth2-pre.oneboxtickets.net/oauth/token

  • Next, we are going to prepare the required headers.

    • Content-Type: application/x-www-form-urlencoded
  • Finally, we indicate the request parameters to obtain the authoritation's token:

    • grant_type: client_credentials
    • channel_id: [channel_id_provided]
    • client_id: seller-channel-client
    • client_secret: [api_key_provided]

For example with curl:

curl --location --request POST 'https://oauth2.oneboxtds.com/oauth/token' \--header 'Content-Type: application/x-www-form-urlencoded' \--data-urlencode 'grant_type=client_credentials' \--data-urlencode 'channel_id=123' \--data-urlencode 'client_id=seller-channel-client' \--data-urlencode 'client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

If all it's correct, OAuth returns a structure as this:

{    "access_token": "xxxxxxxxxxxxxxxxx",    "token_type": "bearer",    "refresh_token": "xxxxxxxxxxxxxxx",    "expires_in": 43199,    "scope": "api-channels-all api-gateway",    "authInfo": "xxxxxxxxxxxxxx",    "jti": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}  
access_token is our token with a limit of 12 hours of expire. Congralutions!.

OAuth2: How to obtain the access token for Access Control or for Orders Management API for after sales tools#

With the authentication by Password you can get the Oauth token in the following way:

  • The Url where to do the request is https://oauth2-pre.oneboxtickets.net/oauth/token

  • Next, we are going to prepare the required headers.

    • Content-Type: application/x-www-form-urlencoded
  • Finally, we indicate the request parameters to obtain the authoritation's token:

    • grant_type: password
    • username: Username (provided)
    • password: Password (provided)

For example with curl:

curl --location --request POST 'https://oauth2-pre.oneboxtickets.net/oauth/token' \--header 'Content-Type: application/x-www-form-urlencoded' \--header 'Authorization: Basic b25lYm94LWNsaWVudDpvY2VhbnRlY2g=' \--data-urlencode 'grant_type=password' \--data-urlencode 'username={{username}}' \--data-urlencode 'password={{password}}'

If all it's correct, OAuth returns a structure as this:

{    "access_token": "xxxxxxxxxxxxxxxxx",    "token_type": "bearer",    "refresh_token": "xxxxxxxxxxxxxxx",    "expires_in": 43199,    "scope": "api-adm-all api-tickets-all api-clients api-orders-mgmt-all api-mgmt-all api-customers-mgmt-all api-monitoring-all",    "authInfo": "xxxxxxxxxxxxxx",    "jti": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}  
access_token is our token with a limit of 12 hours of expire. Congralutions!.

OAuth2: Distribution API (Legacy way)#

Note: This authentication method still works but is obsolete so it is no longer used for new integrations.

Basically we have to do request to the url's OAuth including headers with our credentials that ONEBOX provides. We explain the process on pre-production environment.

  • The Url where to do the request is https://oauth2-pre.oneboxtickets.net/oauth/token

  • Next, we are going to prepare the required headers.

    • Content-Type: application/x-www-form-urlencoded
    • Accept: application/json
    • Authorization: Basic Y2hhbm5lbC1pbnRlZ3JhdGlvbi1jbGllbnQ6MG4zQjB4 (api key)
  • Finally, we indicate the request parameters to obtain the authoritation's token:

    • grant_type: password (literal value)
    • username: provided_user
    • password: provided_password (coded in md5)
    • channelId: provided_channel_id
    • terminal: provided_terminal_id
    • posId: provided_point_of_sale_id
    • terminalLicense: generated_terminal_license
    • psw_md5: true (boolean value)

For example with curl:

curl -X POST https://oauth2.oneboxtds.com/oauth/token \-H 'Accept: application/json' \-H 'Authorization: Basic Y2hhbm5lbC1pbnRlZ3JhdGlvbi1jbGllbnQ6MG4zQjB4' \-H 'Content-Type: application/x-www-form-urlencoded' \-d 'grant_type=password&username=int_hello@40oneboxtm.com&password=0eb0g8a6fbcc456f246xd43476792845&channelId=9589&terminal=int_hello_onebox&posId=382&terminalLicense=R7H8-TD5W-9679-EF52&psw_md5=true'

If all it's correct, OAuth returns a structure as this:

{    "access_token": "xxxxxxxxxxxxxxxxx",    "token_type": "bearer",    "refresh_token": "xxxxxxxxxxxxxxx",    "expires_in": 43199,    "scope": "api-channels-all api-gateway",    "authInfo": "xxxxxxxxxxxxxx",    "jti": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}  
access_token is our token with a limit of 12 hours of expire. Congralutions!.