Authentication
You'll need to authenticate your requests to access any of the endpoints in the Protocol API. In this guide, we'll look at how authentication works. Protocol offers three ways to authenticate your API requests: API Token, Client Token and Authorization Code Grant With PKCE.
API Token
API Tokens are self-issued by Virtual Airline Owners or Staff with appropriate access. This type of authentication is the only method suitable for Virtual Airlines to consume our API.
You can create and revoke tokens at Orwell - Settings - API
Once you have the Bearer Token, you may use it to authenticate against our API.
Your token must not be exposed to end users.
Client Token
Client Token authentication is for our First Party applications.
This endpoint allows you to get your Authentication Token for API calls.
Required Body Attributes
- Name
grant_type- Type
- client_credentials
- Description
Type of the Grant - in this case - client_credentials
- Name
client_id- Type
- integer
- Description
Your Client ID
- Name
client_secret- Type
- string
- Description
Your Client Secret
Response
- Name
token_type- Type
- string
- Description
Type of Token - in this case - Bearer
- Name
expires_in- Type
- integer
- Description
Time in seconds until the Access Token Expires
- Name
access_token- Type
- string
- Description
Your Access Token
Request
$response = Http::asForm()->post('https://vamsys.io/oauth/token', [
'grant_type' => 'client_credentials',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
]);
return $response->json();
Response
{
"token_type": "Bearer",
"expires_in": 1296000,
"access_token": "[alphanum token string]"
}
Authorization Code Grant With PKCE
Work in Progress. Documentation will follow.