# Authentication and Authorization

Version

This page is for the Client API v2. For the Client API v3 documentation, please see the authentication and authorization page.

To secure and authorize client transactions on the uniqrewards/v2 API, OAuth 2.0 authorization is implemented as the standard for REST APIs.

It is a two-step process from the client's point of view. First, an authorization token for the Vouchers resource is requested, with credentials verification. Then, Vouchers requests can be made using the authorization token.

Two sets of credentials will be provided to you to interact with the uniqrewards/v2 API:

  1. client_id and client_secret will be used to request the authorization token.
  2. X-Client-Id and X-Client-Secret will be used to perform Vouchers requests in combination with the authorization token.

This guarantees that the credentials used in the token request are not passed in the Vouchers requests, limiting the impact of any compromised message.

Authentication and Authorization flow chart

  1. Authorization Token Request
    • uses client_id and client_secret
  2. Authorization Token
    • returns the authorization token (or bearer token)
  3. Vouchers request (Request Vouchers or Check Vouchers) with X-Client-Id and X-Client-Secret and the Authorization token
  4. Internal verification request of the Authorization token
  5. Internal verification response
  6. Vouchers response

# The OAuth 2.0 Authorization Token

In order to make requests to our APIs, you need to have a valid OAuth 2.0 Bearer token.

Our tokens are valid for 1 hour.

The token shall be added to your API requests as an Authorization header.

The token can be used multiple times during its validity period.

For more technical information on how to get the authorization token, check our technical documentation.

# Example of Authorization Token Request

Sample values in this section are not valid credentials; they can't be used to query the API.

```
POST https://api.demo.uniqrewards.com/v2/connect/token
Content-Type: application/x-www-form-urlencoded
```

Request body (formatted from application/x-www-form-urlencoded):

```
client_id: "c51c14a698634fa88753ac1462e2335e"
client_secret: "8718e9067fc24b1faf8f4cdffa545bae"
grant_type: "client_credentials"
scope: "requested-scope"
```

  • grant_type is client_credentials for requesting authorization to use the Vouchers requests.
  • scope will define which authorization is requested. We will provide you the needed scope for Vouchers requests.

# Response

```http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8

{
    "access_token": "77F309C43E153B286FE6BB1FBB2A901C15DDA9F619E82B4522EDE988B8C409CF",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "requested-scope"
}
```