OAuth Service Accounts can now be used to talk to Arivo servers.
At the moment, these Service Accounts can only be created by Arivo employees.
This document describes their use.
# Generate a Bearer Token
To send a request to the Arivo servers, a Service Account requires a Bearer token.
A Bearer token must be requested beforehand.
The request for a Bearer token looks like this:
- Staging/Development endpoint: https://garage.arivo.fun/hydra/oauth2/token
- Production endpoint is not yet available
- It is a POST request
- The body is urlencoded and includes the following data (replace <...> with the matching value):
  - `grant_type=client_credentials` Fixed value
  - `client_id=<Service Account ID>` The ID of your Service Account
  - `client_secret=<Service Account secret>` The secret of your Service Account
  - `scope=<list of required scopes>` Scopes you need for your application. Usually only `iam.sa`
  - `audience=<list of required audiences>` Audiences you need for your application. Depends on requested APIs.
- The response includes a Bearer token (`access_token`), how long the token is valid (`expires_in`), the requested scope (`scope`) and the token type (`token_type`), which should be `bearer`
- The Bearer token will be used as `Authorization` header for all requests to Arivo servers.
- Example using the `curl` command line tool (Service Account ID/Secret and access token are redacted):

  Request:

  ```
  curl -X POST "https://garage.arivo.fun/hydra/oauth2/token" \
    -d "grant_type=client_credentials&client_id=***&client_secret=***&scope=iam.sa&audience=opa.acc.si"
  ```

  Response:

  ```
  {"access_token":"***","expires_in":43199,"scope":"iam.sa","token_type":"bearer"}
  ```

# Sending a request with Bearer token
All requests to Arivo servers by Service Accounts need to be authenticated with a Bearer token. The token proves your identity and scope.
Example using the `curl` command line tool (Bearer token is redacted):

```
curl "https://garage.arivo.fun/api/example" -H "Authorization: Bearer ***"
```
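
The token request and the `Authorization` header described in the two sections above, as an added Python example (not Arivo's own code): it builds the urlencoded body, checks `token_type`, and reuses the token until shortly before `expires_in` runs out. The environment variable names `ARIVO_SA_ID` and `ARIVO_SA_SECRET`, the 60-second refresh margin and the space-separated scope/audience lists are assumptions.

```python
import json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://garage.arivo.fun/hydra/oauth2/token"  # staging endpoint from the page

def build_token_body(client_id, client_secret, scopes=("iam.sa",), audiences=()):
    """Urlencoded client_credentials body; urlencode() escapes '&', '=' etc. in the secret."""
    fields = {"grant_type": "client_credentials", "client_id": client_id,
              "client_secret": client_secret, "scope": " ".join(scopes)}
    if audiences:
        fields["audience"] = " ".join(audiences)  # assumption: space-separated list
    return urllib.parse.urlencode(fields).encode()

def parse_token_response(raw, now):
    """Validate the token response and turn expires_in (seconds) into an absolute expiry."""
    data = json.loads(raw)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not data.get("access_token"):
        raise ValueError("response carries no access_token")
    return {"token": data["access_token"], "scope": data.get("scope", "").split(),
            "expires_at": now + int(data["expires_in"])}

def fetch_from_env():
    """POST to the token endpoint; credentials come from the environment (hypothetical names)."""
    body = build_token_body(os.environ["ARIVO_SA_ID"], os.environ["ARIVO_SA_SECRET"],
                            audiences=("opa.acc.si",))
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

class TokenCache:
    """Reuses one token until `skew` seconds before it expires, then requests a new one."""
    def __init__(self, fetch=fetch_from_env, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock, self._tok = fetch, skew, clock, None

    def authorization_header(self):
        now = self._clock()
        if self._tok is None or now >= self._tok["expires_at"] - self._skew:
            self._tok = parse_token_response(self._fetch(), now)
        return {"Authorization": "Bearer " + self._tok["token"]}

if __name__ == "__main__":
    # Constructed response in the shape shown above; no network access needed.
    sample = b'{"access_token":"constructed","expires_in":43199,"scope":"iam.sa","token_type":"bearer"}'
    cache = TokenCache(fetch=lambda: sample)
    print(sorted(cache.authorization_header()))  # header name only, never the token
```

Reading the secret from the environment keeps it out of the process argument list and shell history, where the `-d` form of the `curl` request would place it.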