
Authentication

The Subscription Payment API uses access tokens to authenticate requests. The initial token exchange follows the OAuth 2.0 flow. To obtain the JWT, you need Riverty's Subscription Payments client id and your client secret. You send these credentials to the Riverty Token Exchange, where they are validated; if they are valid, you receive an access token.


Riverty Token Exchange


The request to the token exchange should contain 4 key-value pairs in the request body, namely:

  • client_id : Riverty's Subscription Payments client id
  • client_secret : Your client secret
  • audience : Defines which endpoints the token may be used for. Should always be set to https://api.horizonafs.io
  • grant_type : The method by which your application obtains the access token. Should always be set to client_credentials

The request should be sent with the header Content-Type: application/x-www-form-urlencoded. The body is therefore a single string in which each key is joined to its value with "=" and the key-value pairs are separated with "&".

Example request to the token exchange

curl -X POST --url 'https://identity.horizonafs.io/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials&audience=https://api.horizonafs.io'

Example response

{
  "access_token": "eyJh…",
  "scope": "read:userprofile fullcontrol:users",
  "expires_in": 86400,
  "token_type": "Bearer"
}

The response body contains 4 properties:

  • access_token is the JWT. The token holds all your privileges and access rights. Keep it secret and out of publicly accessible places such as GitHub repositories or client-side code.

  • scope is the permissions and access rights of the token.

  • expires_in is how long the JWT is valid in seconds.

  • token_type is the kind of token returned. In our responses it is Bearer, which indicates that you authenticate with a bearer token.

Every call to our API should have the access token present for the purpose of authentication and authorization.

Example request

curl -X GET 'https://api.horizonafs.io/subscription/v1/clients/{client_id}/subscriptions/{subscription-number}' -H 'Authorization: Bearer eyJh…'
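The token exchange and the bearer-authenticated API call above, combined into a small client that caches the token and refreshes it shortly before expires_in runs out. This is an added example, not code from Riverty's documentation; the TokenCache class, the injectable post function and the 60-second refresh margin are assumptions made here.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "https://identity.horizonafs.io/oauth/token"   # HTTPS only, per the docs
AUDIENCE = "https://api.horizonafs.io"


def token_request_body(client_id: str, client_secret: str) -> str:
    """Form-encode the four fields the token exchange expects (urlencode joins with '=' and '&')."""
    return urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "audience": AUDIENCE,
    })


class TokenCache:
    """Obtain an access token with client credentials and reuse it until shortly before it expires."""

    def __init__(self, client_id, client_secret, post=None, margin=60, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.post = post or self._http_post   # hypothetical hook: injectable for offline tests
        self.margin, self.clock = margin, clock
        self._token, self._expires_at = None, 0.0

    @staticmethod
    def _http_post(body: str) -> dict:
        req = Request(TOKEN_URL, data=body.encode(), method="POST",
                      headers={"Content-Type": "application/x-www-form-urlencoded"})
        with urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def access_token(self) -> str:
        now = self.clock()
        if self._token is None or now >= self._expires_at:
            resp = self.post(token_request_body(self.client_id, self.client_secret))
            if resp.get("token_type") != "Bearer":
                raise ValueError("unexpected token_type: %r" % resp.get("token_type"))
            self._token = resp["access_token"]
            # Refresh `margin` seconds early so no request goes out with a token about to expire.
            self._expires_at = now + int(resp["expires_in"]) - self.margin
        return self._token

    def auth_headers(self) -> dict:
        """Header to attach to every Subscription Payment API request."""
        return {"Authorization": "Bearer " + self.access_token()}
```

Pass the result of auth_headers() as the headers of each API request; the token is only re-fetched once the cached one is within the margin of expiry.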

API requests sent over plain HTTP are rejected; HTTPS is required.