Authentication Token
Overview
HTTPS with OAuth2 2LO mode is very similar to HTTPS with Basic Authentication, except that it includes an extra API call to an authentication server to obtain short-lived authorization Bearer tokens to be used in each request.
In general, this method is considered more secure than Basic Authentication: the entirety of the HTTP traffic (including headers) can be logged without compromising the credentials, because the logged tokens expire within 1 hour. When possible, RapidSOS recommends the use of this mode instead of Basic Authentication.
Audience
This document is intended for developers who are familiar with RESTful APIs, authentication processes (i.e. OAuth 2.0), and API integration. Knowledge of the JSON data format can be helpful when reviewing this material.
Authentication
Most RapidSOS interfaces are authenticated via two-legged OAuth2 (2LO). This entails retrieving a short-lived OAuth 2.0 access token granted using application client credentials.
Depending on the API interfaces you are interacting with, you will use either the "client credentials" or "password" grant types for obtaining an access token. These are described as follows:
- Client Credentials Grant Type: Used to authenticate your application's access to the API
- Password Grant Type: Used to authenticate your application’s access to the API as well as an individual user’s access to specific resources
The token is valid for authenticating requests to the API for one hour, after which a new token for future requests will need to be fetched. Details for retrieving and using one of these tokens are described below.
Getting An Authentication Token
For more details on the two different methods to retrieve an authentication token, please refer to the API documentation. These methods are getting an authentication token using the client credentials grant type, or using the password grant type.
TEST CREDENTIALS
Please contact [email protected] for test credentials.