API Authentication

Grant Types

Our authentication service provides an API compliant with the OAuth 2.0 standard.

Two grant types are available:

  • password
  • client_credentials

If not specified, the authentication service will set the grant type to password.

Client Credentials Grant Type (Technical account)

The Client Credentials Grant Type is used to authenticate an Application. It is usually used by an external technical service to get an access_token to call other Dalenys APIs.

To get an access_token, make a POST on the /iam/token endpoint with this body:

{
    "grant_type": "client_credentials",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "scope": "your_scope"
}

Set the scope to your realm path, which you can get by calling the GET /iam/realms/my endpoint. If you need help or more details, please ask your contact.

If the request is successful, you will receive a JWT access token.

Password Grant Type (User account)

The Password Grant Type is used to authenticate an end user with their username and password so that they can call any API.

To get an access_token, make a POST on the /iam/token endpoint with this body:

{
    "username": "your_username",
    "password": "your_password",
    "scope": "your_scope"
}

If the request is successful, you will receive a JWT access token.

JWT access_token

Here is a response example of successful authentication:

{
    "access_token": "eyJraWQiOiJNRDUtOEZFN0IxREU0QUFGNkFERjQ...",
    "expires_in": 43200,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0,
    "session_state": "c32cc0fe-5ef5-49d9-a46f-0848a7f841bf"
}

You have to use the access_token value in an Authorization header on your next HTTP requests to the other Payplug API endpoints.

Authorization: Bearer your_access_token

You can test it by calling the GET /iam/identities/my endpoint.
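
A technical account normally wraps the flow above in a small token cache, so the client secret is sent only when a new token is needed and the access_token is reused for its expires_in lifetime. The following is an added example, not code from the authentication service or its SDK. Assumptions: BASE_URL is a placeholder because the page does not give the host, the body is sent as JSON as shown above, the 60-second renewal margin is arbitrary, and the names TokenCache, http_post_json and demo are hypothetical.

```python
import json
import time
import urllib.request

BASE_URL = "https://auth.example.invalid"  # placeholder: the page does not give the host


def http_post_json(url, body):
    """Default transport: POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Fetch a client_credentials token and reuse it until shortly before it expires."""
    def __init__(self, client_id, client_secret, scope,
                 post=http_post_json, clock=time.monotonic, margin=60):
        self._body = {"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the Authorization header, requesting a new token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._post(BASE_URL + "/iam/token", self._body)
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")  # do not echo its content
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._margin
        return {"Authorization": "Bearer " + self._token}


def demo():
    """Offline run against a constructed response: returns the headers and the calls made."""
    calls, now = [], [0.0]
    def fake_post(url, body):  # constructed stand-in for the /iam/token endpoint
        calls.append((url, body))
        return {"access_token": "constructed-token-%d" % len(calls),
                "expires_in": 43200, "token_type": "Bearer"}
    cache = TokenCache("your_client_id", "your_client_secret", "your_scope",
                       post=fake_post, clock=lambda: now[0])
    headers = []
    for t in (0.0, 1000.0, 43200.0 - 30):  # fresh, cached, inside the 60 s margin
        now[0] = t
        headers.append(cache.auth_header())
    return headers, calls
```

In a real deployment, load client_id and client_secret from a secret store or environment variable rather than source code, and keep the token and the request body out of logs.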