Token
POST
/api/oAuth/tokenTo obtain an authentication token, meticulously follow these steps:
- Gather Essential Information:
- Authorization Code: Retrieve the code from the successful authorization request.
- Client Identifier (client_id): Obtain this string from the RETM Dev Portal.
- Client Secret (client_secret): Securely retrieve this string from the RETM Dev Portal.
- Construct the POST Request:
- Method:
POST
- URL:
- Staging:
https://sandbox.retm.sa/api/oAuth/token
- Production:
https://{business_id}.retm.sa/api/oAuth/token
- Staging:
- Method:
:::highlight yellow 💡
Replace {business_id}
with the actual business ID.
:::
- Request Body:
{
"code": "YOUR_AUTHORIZATION_CODE",
"grant_type": "authorization_code",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET"
}
- Carefully Handle the Response:
- Upon successful authentication, the response will contain the authentication token, token type, expiration time, and potentially a refresh token.
- Inspect the response for any potential errors and handle them accordingly.
Key Considerations:
- Secure Credential Storage: Never store your client ID or client secret in plain text. Utilize secure storage mechanisms to safeguard them.
- Environment-Specific URLs: Employ the appropriate URL based on the API environment you're interacting with (staging or production).
- Business ID in Production: For production requests, remember to incorporate the business ID within the URL.
By adhering to these guidelines, you'll effectively acquire authentication tokens and securely interact with RETM APIs.
Request
Body Params application/json
grant_type
stringÂ
required
code
stringÂ
required
client_id
stringÂ
required
client_secret
stringÂ
required
redirect_url
stringÂ
required
Example
{
"grant_type": "authorization_code",
"code": "tviqe2gQQ",
"client_id": "wEHMT9PPvuX",
"client_secret": "e5868ebb4445fc2ad9f949956c1cb9ddefa0d421",
"redirect_url": ""
}
Responses
Token(200)
HTTP Code:Â 200
Content Type :Â JSONapplication/json
Data Schema
access_token
stringÂ
required
token_type
stringÂ
required
expires_in
integerÂ
required
ExampleToken
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NhbmRib3gucmV0bS5zYS9hcGkvb0F1dGgvdG9rZW4iLCJpYXQiOjE2ODcyODI4MjQsImV4cCI6MTY4ODQ5MjQyNCwibmJmIjoxNjg3MjgyODI0LCJqdGkiOiJOWXlLdXRHQ1VLNUVISDFLIiwic3ViIjoiMyIsInBydiI6IjZkNmE2NWUyYjkzMjQ5MDc1YzZjNGVkMzY2ZGI2NzRmNGVlY2FkNjMifQ.C9KmICgDAOP_Rf_GXo3esGWpehn8Ufy3ZDhc3FfWtMo",
"token_type": "bearer",
"expires_in": 1209600
}
Modified at 9 months ago