OAuth2
We currently implement a system similar to oauth2 with the following grant_type:
password: Requires anusername(which is generally the user's email) and apassword.refresh_token: Requires a validrefresh_token
We currently require providing a client_id for each grant, if you don't have one please contact us at [email protected] to obtain one.
We currently don't have a way to find/create/delete refresh tokens from the UI, but you can find/use the one inside the cookies of https://app.reelevant.com under the key refresh_token.
The endpoint used to retrieve tokens with is POST https://api.reelevant.com/v2/auth/token with a application/json Content-Type.
Here is an example to get tokens based on a username/password:
curl -XPOST https://api.reelevant.com/v2/auth/token -d '{ "username": "myemail", "password": "mypassword", "grant_type": "password", client_id: "<client_id>" }'
And here is if you already have a refresh_token:
curl -XPOST https://api.reelevant.com/v2/auth/token -d '{ "refresh_token": "myrefreshtoken", "grant_type": "refresh_token", "client_id": "<client_id>" }'
After getting a valid access_token, you'll need to add it for every call to the gateway to within the Authorization header like so Authorization: Bearer ${access_token}.
Token expirations
Access token are valid for 1h after creation whereas refresh token are valid for 30 days starting from the last access token generation (so if you refresh it one a month, it doesnt expire).