Authentication

How to authenticate with the Neonomics API.

This guide explains how to authenticate with the Neonomics API to obtain an access_token, how to keep a session alive, and how to end the session.

The Neonomics API uses the OAuth 2 Client Credentials Grant flow. In short, this means that you have to request a token from our authentication server using your Client ID and Secret ID.

Info: Authenticating with the Neonomics API requires a Client ID and a Secret ID, which can be obtained in the Neonomics Developer Portal.

Authenticate with the Neonomics API

With your Client ID and Secret ID, you can obtain an access_token. To do this you need to make a POST request to the Neonomics API authentication endpoint.

Use the curl command below to obtain an access_token. Replace <CLIENT_ID> and <SECRET_ID> with your Client ID and Secret ID.

Request:

curl -s -X POST "https://sandbox.neonomics.io/auth/realms/sandbox/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<CLIENT_ID>" \
  -d "client_secret=<SECRET_ID>"

Neonomics returns the following object.

Response:

{
    "access_token": "<ACCESS_TOKEN>",
    "expires_in": 3600,
    "refresh_expires_in": 7200,
    "refresh_token": "<REFRESH_TOKEN>",
    "token_type": "bearer",
    "session_state": "eed85c80-4bd3-4c54-acb6-326075f53070"
}

Explanation of the attributes in the authentication response:

  • access_token – The token needed to use Neonomics API.
  • expires_in – The lifetime in seconds of the access_token. For example, the value 3600 denotes that the access_token will expire in one hour from the time the response was generated.
  • refresh_token – A token which can be used to obtain a new access_token using the same authorization grant.
  • refresh_expires_in – The lifetime in seconds of the refresh_token.
  • token_type – The type of token issued. The value is case insensitive. For this call, the value will always be "bearer".
  • session_state – Represents the end-user's login state. For future use.
  • scope – For future use.

Keeping a session alive

To keep the session (access_token) alive, use the refresh_token obtained when authenticating with the Neonomics API to get a new access_token.

Info: Keeping a session alive needs to be done before the refresh_token expires.

Use the curl command below to refresh the lifetime of your access_token and refresh_token:

Request:

curl -s -X POST "https://sandbox.neonomics.io/auth/realms/sandbox/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "refresh_token=<REFRESH_TOKEN>" \
  -d "client_id=<CLIENT_ID>" \
  -d "client_secret=<SECRET_ID>"

The curl command returns the following object, which should be the same response as when you authenticated with the Neonomics API.

Response:

{
    "access_token": "<ACCESS_TOKEN>",
    "expires_in": 3600,
    "refresh_expires_in": 7200,
    "refresh_token": "<REFRESH_TOKEN>",
    "token_type": "bearer",
    "session_state": "eed85c80-4bd3-4c54-acb6-326075f53070",
    "scope": "banqbridge_client"
}

The expires_in and refresh_expires_in lifetimes are reset and the token is refreshed.
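The authentication and keep-alive requests above can be combined into a small client that caches the access_token, refreshes it while the refresh_token is still valid, and authenticates again once refresh_expires_in has passed. This is an added example, not Neonomics code: TokenSession, http_post, the 30-second SKEW margin and the NEONOMICS_CLIENT_ID / NEONOMICS_SECRET_ID environment variable names are assumptions, and the secret is read from the environment so it does not appear in the process argument list.

```python
import json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://sandbox.neonomics.io/auth/realms/sandbox/protocol/openid-connect/token"

def http_post(form):
    """POST the form; the secret travels in the request body, never in argv."""
    req = urllib.request.Request(TOKEN_URL, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenSession:
    SKEW = 30  # assumed safety margin (seconds) subtracted from both lifetimes

    def __init__(self, client_id, client_secret, post=http_post, clock=time.monotonic):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock = post, clock
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def __repr__(self):  # keep tokens and the secret out of logs and tracebacks
        return "TokenSession(<redacted>)"

    def _store(self, body, now):
        if body.get("token_type", "").lower() != "bearer":  # value is case insensitive
            raise ValueError("unexpected token_type")
        self._access, self._refresh = body["access_token"], body["refresh_token"]
        self._access_exp = now + body["expires_in"] - self.SKEW
        self._refresh_exp = now + body["refresh_expires_in"] - self.SKEW

    def access_token(self):
        now = self._clock()
        if self._access and now < self._access_exp:
            return self._access  # cached token is still inside expires_in
        if self._refresh and now < self._refresh_exp:
            form = {"grant_type": "refresh_token", "refresh_token": self._refresh}
        else:  # first call, or refresh_expires_in has passed: authenticate again
            form = {"grant_type": "client_credentials"}
        self._store(self._post({**form, **self._creds}), now)
        return self._access

if __name__ == "__main__":
    # Assumed environment variable names; set them outside shell history.
    session = TokenSession(os.environ["NEONOMICS_CLIENT_ID"], os.environ["NEONOMICS_SECRET_ID"])
    print("access_token obtained, length", len(session.access_token()))
```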