How to obtain a server-to-server access token
Authentication
T-Gate uses the OAuth2 protocol to ensure secure and reliable authentication.
Obtaining an Access Token
This API is responsible for acquiring an access token using two different methods, each with its own body parameters and serving different needs:
- Obtaining an Access Token Using Authorization Code
- This method is used to obtain an access token for the first time using an authorization code. The authorization code is received after the user authorizes your application via T-Gate’s platform. This access token will allow your application to authenticate API requests to T-Gate.
- To learn about all the steps needed to get an authorization code, please refer to Access Grant Flow Guides.
- Obtaining an Access Token Using Refresh Token
- This method allows partners to obtain a new access token using a refresh token without requiring user re-authentication. This is useful when the initial access token has expired and needs renewal to continue making authenticated API requests to T-Gate.
Main Attributes
Attribute | Description | In |
|---|---|---|
client_id | This is a public identifier for your application. It's used to identify your application to the T-Gate authentication server. |
|
client_secret | This is a secret known only to your application and the T-Gate authentication server. |
|
code | The code attribute is a temporary authorization code that you will receive after the user authorizes your application. This code is used to request an access token. |
|
refresh_token | This is a long-lived token used to obtain a new access token without requiring user re-authentication. |
|
grant_type | Used to specify the way by which you want to obtain an access token (Using a code for the first time or using a refresh token) |
|
redirect_uri | Informs T-Gate where to redirect the user after completing the access grant flow. |
|
Your Client ID and Client Secret are unique credentials for your application that can be generated from your T-Gate's application account.
Keep your application secureThe client_secret and access_token should never be shared with anyone. Keep them secure to protect your application and data.
Code Attribute
When completing the integration flow with a company, you will receive a code attribute that allows you to request an access token for that company, head to Access Grant Flow Guides to learn more.
Access Token VS Refresh Token
- Access Token: A short-lived token used to authenticate API requests. It expires after 2 hours.
- Refresh Token: A long-lived token used to obtain a new access token without requiring user re-authentication.
Obtaining an Access Token Using Authorization Code
To obtain an access token using an authorization code:
- Acquire a
client_id,client_secret, and acode. - Use the following parameters in your request body: REQUEST_TOKEN_WITH_CODE.
- Set your client_id and client_secret into the headers using Basic Auth.
API ResponseA successful response from this API will contain both a new access_token and a new refresh_token
Obtaining an Access Token Using Refresh Token
Access tokens have an expiry period, after which they are no longer valid. To avoid disruption in your service, you should use the refresh token to obtain a new access token.
To obtain a new access token using a refresh token:
- Acquire a
client_id,client_secret, and arefresh_token. - Use the following parameters in your request body: REQUEST_TOKEN_WITH_REFRESH_TOKEN.
- Set your client_id and client_secret into the headers using Basic Auth.