API Authentication

All APIs use a common authentication method: the normal username and password required to access the system are exchanged for a refresh token and an access token.

Refresh tokens expire every 6 months; access tokens expire every 30 minutes.

Retrieve a Refresh Token:

GET https://api.hrapi.co.uk/api/token/

Send the username and password using Basic authentication, alongside a grant_type header of password. The API returns the following:

{
    "refresh_token": "new token",
    "access_token": "new token"
}

Retrieve an Access Token:

GET https://api.hrapi.co.uk/api/token/

The refresh token retrieved above can now be used for Bearer token-based authentication. When it is sent alongside a grant_type header of refresh_token, the API returns the following:

{
    "refresh_token": "refresh token used in the request",
    "access_token": "new token"
}

The access token can now be used for Bearer token-based authentication on all subsequent API endpoints.
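
The two-step exchange above as a small client that caches the access token and renews it shortly before the 30-minute expiry, so the password is sent only once. This is an added example, not code supplied by the API; the TokenClient class, the injectable transport and clock parameters, and the 60-second renewal margin are assumptions.

```python
import base64, json, time, urllib.request

TOKEN_URL = "https://api.hrapi.co.uk/api/token/"
ACCESS_TTL = 30 * 60  # access tokens expire every 30 minutes (from the page)
SKEW = 60             # assumption: renew one minute before expiry

def http_get(url, headers):
    """Default transport: GET over HTTPS, JSON body returned as a dict."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenClient:  # hypothetical helper, not part of the API
    def __init__(self, refresh_token=None, transport=http_get, clock=time.monotonic):
        self.refresh_token = refresh_token  # keep in a secret store, never in logs
        self._get, self._clock = transport, clock
        self._access, self._expires = None, 0.0

    def _store(self, access_token):
        self._access = access_token
        self._expires = self._clock() + ACCESS_TTL - SKEW

    def login(self, username, password):
        """Step 1: Basic auth + grant_type: password. The password is used only here."""
        basic = base64.b64encode(f"{username}:{password}".encode()).decode()
        body = self._get(TOKEN_URL, {"Authorization": f"Basic {basic}",
                                     "grant_type": "password"})
        self.refresh_token = body["refresh_token"]
        self._store(body["access_token"])

    def access_token(self):
        """Step 2: Bearer refresh token + grant_type: refresh_token, when needed."""
        if self._access is None or self._clock() >= self._expires:
            if not self.refresh_token:
                raise RuntimeError("no refresh token: call login() first")
            body = self._get(TOKEN_URL, {"Authorization": f"Bearer {self.refresh_token}",
                                         "grant_type": "refresh_token"})
            self._store(body["access_token"])
        return self._access

    def auth_header(self):
        """Header to send on every other API endpoint."""
        return {"Authorization": f"Bearer {self.access_token()}"}
```

A process that already holds a stored refresh token can skip login() and pass it as TokenClient(refresh_token=...).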

Related topics:

Set up API access and create an API User