Authorization
Throughline uses OAuth to authenticate requests to the API. It has been designed to be used in a server-to-server scenario in which requests are performed as a service rather than an individual user. This scenario is sometimes referred to as two-legged OAuth or application-only OAuth.

The basic flow for the Throughline API, using the application credentials you can retrieve from the developer dashboard, is described below.

1. Get client application credentials

In the developer dashboard, create a new application or view the secrets for an existing one. Each application is assigned a unique client ID (consumer key/API key) and client secret. Please make a note of these values, as they will be integrated into your application config files. Your client secret protects your application's security, so be sure to keep it secure!

Keep your secrets safe!

Please safeguard your application secret. Do not share your client secret value with anyone, and do not pass it in the URL when making API calls, include it in URI query string parameters, or post it in support forums, chat, etc. The secret is required to authenticate to the API and generate the tokens required to make valid calls to the API. See our API Security article for the best practices in keeping your calls to the API secure.

Throughline reserves the right to revoke any application credentials at any time and issue a new one if they have been leaked or misused.

2. Generate an access token

To generate an access token, your application needs to send a POST request to the oauth/token endpoint with a Content-Type header of x-www-form-urlencoded and the following parameters in the request body:

https://api.findahelpline.com/oauth/token

| Parameter | Description | Required |
| --- | --- | --- |
| grant_type | The value of this field should always be client_credentials | Yes |
| client_id | The client ID value generated when you registered your application | Yes |
| client_secret | The client secret value generated when you registered your application | Yes |

Example request:

```bash
curl --location --request POST 'https://api.findahelpline.com/oauth/token' \
  --form 'client_id="your client id"' \
  --form 'client_secret="your client secret"' \
  --form 'grant_type="client_credentials"'
```

A successful access token request returns a JSON object containing the following fields:

- access_token: the access token for the application. This token must be kept secure.
- token_type: how the token is to be used.
- expires_in: seconds until token expiration. The access token has a lifespan of 2 hours by default and should be used immediately. Your application requests a new token once your current token expires.
- scope: public by default. There are no other available scopes at this time for the resources available in the Throughline API.

```json
{
  "access_token": "abc...",
  "token_type": "bearer",
  "expires_in": 7200,
  "scope": "public",
  "created_at": 1700452443
}
```

3. Make API requests

Once you've received an access token, you can make API requests by including an Authorization header using the Bearer scheme with your token in the HTTP call to Throughline's API.

Example request:

```bash
curl --location --request GET 'https://api.findahelpline.com/api/v1/countries' \
  --header 'Authorization: Bearer {access_token}'
```

For more information on keeping your application calls to the API secure, please see our API Security article.
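The three steps above as a Python client (an added example, not Throughline's own code): it sends the credentials in the form-encoded request body rather than the URL, reuses the token, and requests a new one shortly before `expires_in` elapses. The names `TokenCache` and `from_env`, the 60-second renewal margin and the `THROUGHLINE_*` environment variable names are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.findahelpline.com/oauth/token"  # endpoint from the page


def _post_form(url, fields):
    """POST fields as a form-encoded body, so the secret never appears in a URL."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one bearer token and renews it shortly before it expires."""

    def __init__(self, client_id, client_secret, post=_post_form, clock=time.time, skew=60):
        self._creds = {"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return "TokenCache(client_id=%r, client_secret=<redacted>)" % self._creds["client_id"]

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            data = self._post(TOKEN_URL, self._creds)
            if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = data["access_token"]
            # expires_in is in seconds (7200 by default); renew `skew` seconds early
            self._expires_at = self._clock() + int(data["expires_in"]) - self._skew
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}


def from_env():
    # Assumed variable names; load them from your config or secret store.
    return TokenCache(os.environ["THROUGHLINE_CLIENT_ID"], os.environ["THROUGHLINE_CLIENT_SECRET"])
```

Pass `auth_header()` as the headers of each API request; the `post` and `clock` parameters exist so the renewal logic can be exercised without network access.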