Authenticate via the http://clubclientcredentials method
Use case
The http://clubclientcredentials method is strictly limited to server-to-server calls.
Authentication steps
The http://clubclientcredentials method provides non-nominal access (access that is not tied to an individual user) linked to a club.
Since it does not validate a username and password combination, this method is limited to use cases where the third party (your application) is able to securely protect the application’s registration data.
Here are the general steps:
- Step 1: You provide the information related to the application registration and the club.
- Step 2: You receive an access token.
Step 1: Provide the application credentials and user information
Make a POST request to https://{api_base_url}/{client_token}/oauth/v2/token with the following parameters:
| parameter | location | description |
|---|---|---|
| api_base_url | Query | The API URL you want to use. This varies depending on the integration or production environment |
| client_token | Query | Each club chain has its unique Resamania identifier called client_token |
| grant_type | Body | The method name, which must be set to "http://clubclientcredentials" |
| client_id | Body | Each registered application has an identifier with the OAuth server called client_id |
| client_secret | Body | Each registered application has a secret string with the OAuth server called client_secret |
| clubId | Body | The club IRI for which you want to connect |
Example request
```bash
curl --location 'https://{api_base_url}/{client_token}/oauth/v2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'x-gravitee-api-key: c803xxx-yyyy-zzz-xxxx-f635b354435a' \
  --data-urlencode 'client_id=123_xxxxxxxxxxxxxxxxx' \
  --data-urlencode 'client_secret=******************' \
  --data-urlencode 'grant_type=http://clubclientcredentials' \
  --data-urlencode 'clubId=/{client_token}/clubs/1234'
```
Step 2: Receive the access token
The OAuth server API will return the following information in response:
```json5
{
  "access_token":"{access_token}",
  "expires_in":{expires_in},
  "token_type":"bearer",
  "scope":{scope},
  "refresh_token":"{refresh_token}"
}
```
| parameter | description |
|---|---|
| access_token | The JWT token required for any request to the Resamania API |
| expires_in | The validity duration in seconds of the access token |
| token_type | The type of access token, which for Resamania is always Bearer |
| scope | The specific scope(s) linked to the access token |
| refresh_token | The new token used to refresh access |
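The two steps above as a small server-side client, added here as an example (it is not Resamania's own code): it builds the Step 1 request with the secret kept out of the URL and out of source code, then validates the Step 2 response and computes when to renew. The environment variable names, the 60-second renewal margin and the club IRI shape check (taken from the curl example) are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

GRANT_TYPE = "http://clubclientcredentials"  # method name from this page


def build_token_request(api_base_url, client_token, api_key, client_id, client_secret, club_id):
    """Build the Step 1 POST; secrets go in the body and a header, never the URL."""
    # Assumption: a club IRI looks like /{client_token}/clubs/{id}, as in the curl example.
    if not club_id.startswith(f"/{client_token}/clubs/"):
        raise ValueError("clubId is not a club IRI under this client_token")
    body = urllib.parse.urlencode({
        "grant_type": GRANT_TYPE, "client_id": client_id,
        "client_secret": client_secret, "clubId": club_id,
    }).encode()
    url = f"https://{api_base_url}/{urllib.parse.quote(client_token, safe='')}/oauth/v2/token"
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "x-gravitee-api-key": api_key,
    })


def parse_token_response(raw, now=None, margin=60):
    """Validate the Step 2 JSON; return the tokens plus an absolute renewal time."""
    data = json.loads(raw)
    if not isinstance(data, dict) or str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("not a bearer token response")
    token, ttl = data.get("access_token"), data.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("invalid expires_in")
    now = time.time() if now is None else now
    # Renew `margin` seconds early so a request never carries an expired token.
    return {"access_token": token, "refresh_token": data.get("refresh_token"),
            "scope": data.get("scope"), "renew_at": now + max(ttl - margin, 0)}


if __name__ == "__main__":
    # Hypothetical variable names; the values come from the environment, not source code.
    env = [os.environ[k] for k in ("RM_API_BASE_URL", "RM_CLIENT_TOKEN", "RM_API_KEY",
                                   "RM_CLIENT_ID", "RM_CLIENT_SECRET", "RM_CLUB_ID")]
    with urllib.request.urlopen(build_token_request(*env), timeout=10) as resp:
        tokens = parse_token_response(resp.read())
    print("token acquired, renew at", time.ctime(tokens["renew_at"]))  # never log the token
```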