Authenticating with Oauth2

Authenticate first with our Oauth 2 server, this will give you your access and refresh tokens.

As of writing an access token is valid for 300 seconds, this can be renewed using the refresh token. If required the access token life can be extended via the server.

Request structure

Url: https://io.trap.nz/api-sensor/oauth/token

Headers

Only the following is required
Content-type: application/x-www-form-urlencoded

Body

The following should be sent as URLencoded form data

key value
grant_type password
client_id [As provided]
client_secret [As provided]
username [As provided]
password [As provided]

Response

If successful the server response will look something like the following. Record the access token and refresh token for later use - the token type will always be "Bearer".

Bear in mind the tokens can get upward of a 1000 characters long.

{
    "token_type": "Bearer",
    "expires_in": 300,
    "access_token": "**********",
    "refresh_token": "**********"
}

Example curl request

curl -X POST \
  https://io.trap.nz/api-sensor/oauth/token \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&client_id=**********&client_secret=**********&username=*****&password=*****'

Refreshing the bearer token

The token will expire after about an hour and a half. To avoid re-authentication you can keep the token alive by posting the refresh token back to the API:

Request structure

Url: https://io.trap.nz/api-sensor/oauth/token

Headers

Only the following is required
Content-type: application/x-www-form-urlencoded

Body

The following should be sent as URLencoded form data

key value
grant_type refresh_token
client_id [As provided]
client_secret [As provided]
refresh_token [As provided]

Example curl request

curl -X POST \
  https://io.trap.nz/api-sensor/oauth/token \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type= refresh_token&client_id=**********&client_secret=**********& refresh_token =*****'