OAuth Service Accounts can now be used to talk to Arivo servers.

At the moment, these Service Accounts can only be created by Arivo employees.

This document describes their use.

Generate a Bearer Token

To send a request to the Arivo servers, a Service Account requires a Bearer token.

A Bearer token must be requested beforehand.

The request for a Bearer token looks like this:

• Staging/Development endpoint: https://garage.arivo.fun/hydra/oauth2/token (opens new window)
• Production endpoint is not yet available
• It is a POST request
• The body is urlencoded and includes the following data (replace <...> with the matching value):
  • grant_type=client_credentials Fixed value
  • client_id=<Service Account ID> The ID of your Service Account
  • client_secret=<Service Account secret> The secret of your Service Accounts
  • scope=<list of required scopes> Scopes you need for your application. Usually only iam.sa
  • audience=<list of required audiences> Audiences you need for your application. Depends on requested APIs.
• The response includes a Bearer token (access_token), how long the token is valid (expires_in), the requested scope (scope) and the token type (token_type) which should be bearer
• The Bearer token will be used as Authorization header for all requests to Arivo servers.
• Example using the curl command line tool (Service Account ID/Secret and access token are redacted):

  • Request:

    curl -X POST "https://garage.arivo.fun/hydra/oauth2/token" \
      -d "grant_type=client_credentials&client_id=***&client_secret=***&scope=iam.sa&audience=opa.acc.si"
    

  • Response:

    {"access_token":"***","expires_in":43199,"scope":"iam.sa","token_type":"bearer"}
    

Sending a request with Bearer token

All requests to Arivo servers by Service Accounts need to be authenticated with a Bearer token. The token proves your identity and scope.

Example using the curl command line tool (Bearer token is redacted):

curl "https://garage.arivo.fun/api/example" -H "Authorization: Bearer ***"