What is OAuth2
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. POSRocket uses only the Authorization code grant type to authenticate the 3rd party apps into the businesses data.
How to get an access token
you can follow the below steps to grant an access token which you can use to receive the data from the API endpoints:
- Login in into your launchpad account and go to your app settings page.
- On the redirect URI field add http://localhost:8080/callback where /callback page is the page that will handle retrieving the access_token will describe it in detail below.
- On your web application you need to redirect the user to this URL:
http://launchpad.rocketinfra.com/oauth/authorize/?redirect_uri=<yout redirect uri>&response_type=code&client_id=<yout client id>&access_type=offline.
Please note that the redurect_url query param should match the redirect URI setting that you set in your app.
- Launchpad will display a login screen for the user to enter his POSRocket credentials and make sure that his data is verified.
- Launchpad will display a confirmation screen for the scopes that your app want to have access to.
- If all is good launchpad will redirect the user back to your return URL with the code query param to retrieve access token:
- Once you receive the code you will need to send server to server POST request to this URL:
with the following body:
code=<grant code>&redirect_uri= http://localhost:8080/callback&client_id=<your app id>&client_secret=<your app secret>&grant_type=authorization_code
- You will receive the following JSON response back from sending that post request:
"access_token": "<your access token>",
"refresh_token": " <your refresh token> ",
"scope": " <your list of scopes>"
- Now you can attach the access token to the header when sending API requests to authenticate the request by adding an Authorization header to your request and the value should be something like this Bearer <your access token>.