Authentication

Initial/Refresh Authentication

Most Zquared API (ZQAPI) requests are protected behind an Oath2.0 Resource Owner Password Grant authentication method.

In order to make calls to protected endpoints, you will first want to request an authentication token. You can also request refresh tokens based on an initial token if you want to keep your authentication session alive.

Initial Call

POST /authenticate

{

"grant_type": "password",

"client_id": "XXXXXXXXX",

"client_secret": "XXXXXXXXX",

"username": "username",

"password": "password"

}

RESPONSE

{

"access_token": "XXXXXXXX",

"expiration": 3600,

"token_type": "bearer",

"refresh_token": "XXXXXXXXX"

}

Refresh Call

POST /authenticate

{

"grant_type": "refresh_token",

"client_id": "XXXXXXXXX",

"client_secret": "XXXXXXXXX",

"refresh_token": "XXXXXXXXX"

}

RESPONSE

{

"access_token": "XXXXXXXX",

"expiration": 3600,

"token_type": "bearer",

"refresh_token": "XXXXXXXXX"

}

The access_token provided by the Response object should be sent in a Bearer Token header in every subsequent request.

---

Verification

To verify if an access_token is still valid, use the following endpoint.

Successful Validation

GET /authenticate/validate

RESPONSE

true

Unsuccessful Validation

GET /authenticate/validate

RESPONSE

false