Authentication
OAuth 2.0 is currently the only supported method of authentication.
Authorization URL
We recommend adding a shortcut button to your application that will allow you to quickly redirect to your app's authorization page.
This page is bare-bones at the moment but performs the necessary steps to authenticate your application.
https://portal.autocartel.com/oauth/authorize?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}
The portal will redirect back to your system with a code parameter in the URL:
{REDIRECT_URI}?code=1234567890asdfghjkl
You will exchange this code to receive your access and refresh token.
Token Exchange
With the code provided by the authentication server, you can use that to exchange for an access token and refresh token.
The endpoint and required parameters for the exchange is:
POSThttps://portal.autocartel.com/oauth/token
- grant_type=authorization_code
- client_id={CLIENT_ID}
- client_secret={CLIENT_SECRET}
- redirect_uri={REDIRECT_URI}
- code={CODE}
The access token will be used as a Bearer token in the Authorization header for all requests to the API.
Authorization: Bearer {ACCESS_TOKEN}
Refreshing Tokens
We recommend refreshing the token daily for security purposes. The current expiration for access tokens is set to 3 days and refresh tokens are set to 7 days.
To refresh tokens, the format is:
POSThttps://portal.autocartel.com/oauth/token
- grant_type=refresh_token
- client_id={CLIENT_ID}
- client_secret={CLIENT_SECRET}
- redirect_uri={REDIRECT_URI}
- refresh_token={CODE}