Development Guides

Partner Authentication using Refresh Token

When a partner integrates with the Orion API on behalf of an end user, we now provide the ability to acquire a long-lived refresh token that can be stored in the partner's user table and used for access to the API.

This allows you to prompt the user one time for their Orion user ID and password, then store only the refresh token that is returned instead of the Orion credentials.

You will need to get 2 values from Orion to use this integration.
1. client_id
2. client_secret

Authenticating a User from a Partner App

GET v1/Security/Token

HEADERS

Code:

Authorization: Basic {credentials}
client_id: {partnerId}
client_secret: {partnerSecret}

Upon success, the JSON response will look like:

Code:

{
   "access_token":{api token},
   "expires_in":{lifetime in seconds},
   "refresh_token":{refresh token}
}

The access_token can be used to access the API, but it still has an expiration of 10 hours. The refresh_token is what should be stored, as it will not expire and can be used to get a new access_token at any time.

Note that a refresh_token can only be used 1 time. After every new authentication, whether with the user's user ID and password or with a refresh token, the partner app should update the stored refresh_token with the new one.

Authenticating a User with a Refresh Token

Use the Bearer method of authorization.

Code:

GET v1/Security/Token
HEADERS
Authorization: Bearer {refresh token}
client_id: {partnerId}
client_secret: {partnerSecret}

Upon success, the JSON response will look like:

Code:

{
   "access_token":{api token},
   "expires_in":{lifetime in seconds},
   "refresh_token":{refresh token}
}
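
The single-use rule above means a partner app has to write the replacement refresh_token back to its user table on every exchange, and must not let two requests spend the same token. The following is an added example, not Orion's own code, showing one way to handle that. The names OrionSession, FakeOrion, send and persist, the 60-second renewal margin, and the sample token values are assumptions made for illustration; FakeOrion is a constructed stand-in for the endpoint so the example runs offline.

```python
import threading
import time

TOKEN_PATH = "v1/Security/Token"   # endpoint path from this guide
MARGIN = 60                        # assumption: renew 60 s before expiry
class OrionSession:
    """One user's tokens. send() and persist() are hypothetical hooks."""
    def __init__(self, send, client_id, client_secret, refresh_token,
                 persist, clock=time.monotonic):
        self._send, self._persist, self._clock = send, persist, clock
        self._id, self._secret = client_id, client_secret
        self._refresh = refresh_token
        self._access, self._expires_at = None, 0.0
        self._lock = threading.Lock()  # a refresh token works once: serialize

    def access_token(self):
        with self._lock:
            if self._access and self._clock() < self._expires_at - MARGIN:
                return self._access            # cached token still valid
            body = self._send("GET", TOKEN_PATH, {
                "Authorization": "Bearer " + self._refresh,
                "client_id": self._id, "client_secret": self._secret})
            # Store the replacement first: the old token is already spent.
            self._persist(body["refresh_token"])
            self._refresh = body["refresh_token"]
            self._access = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
            return self._access

class FakeOrion:
    """Constructed stand-in for the endpoint; enforces single use."""
    def __init__(self, first_refresh):
        self.valid, self.calls = first_refresh, 0
    def __call__(self, method, path, headers):
        if headers["Authorization"] != "Bearer " + self.valid:
            raise PermissionError("refresh token already used or unknown")
        self.calls += 1
        self.valid = "rt-%d" % self.calls      # constructed sample values
        return {"access_token": "at-%d" % self.calls,
                "expires_in": 36000, "refresh_token": self.valid}

def demo():
    row, now = {"refresh_token": "rt-0"}, [0.0]   # row = partner user table
    server = FakeOrion("rt-0")
    s = OrionSession(server, "pid", "psecret", row["refresh_token"],
                     lambda rt: row.update(refresh_token=rt), lambda: now[0])
    first, cached = s.access_token(), s.access_token()
    now[0] = 36000.0                   # ten hours later: access token expired
    return first, cached, s.access_token(), row["refresh_token"], server.calls
```

In a real integration, send would issue the HTTP request to the Orion host and persist would update the user's row in the same transaction that records the login.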