Guides

Authentication Process

DTO API Authentication & Authorization details

Suggest Edits

Each endpoint within DTO API requires an authentication token that is generated against user credentials issued to each client. A client application must send a valid token in the authorization header of the HTTP request to our API. The authentication gateway validates the authentication token, and processes the request as per the request if the user is successfully authenticated.

Please note that while we refer to the DTO APIs, the APIs work for both DTO and essCert.

🚧

Securing User Credentials

Your User Credentials carry many privileges, so be sure to keep them secure! Do not share the credentials in publicly accessible areas such as GitHub, client-side code, and so forth.

Generating Authentication Token

Each client has a valid username and password against which the API provides a valid authentication token. Here is how a usual cURL looks like to generate an Authentication Token against a valid user.

curl --location --request POST 'https://api.tradecert2.net/auth/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=adamusclient' \
--data-urlencode 'password=diooigdf1989D'

Here is how the access token output looks when requested. 

{
    "AccessToken": "eyJraWQiOiJDeHBweFAycjhtSm5xRnVicjVQQm5QU2RoWmFtK1JpakJkcU9CNTlGVVwvdz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhYzA1ZTk2MS1hZWI2LTQ5NTMtOTVjNy02NjMwOGFmNTQ2ODAiLCJldmVudF9pZCI6IjhjYWQ3NjVkLWM0YTYtNGE0My1iNjMxLTdmOGUxYzM0ODFiMiIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE2Mzg5MDA0ODAsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbVwvZXUtd2VzdC0xXzVkUWhLMWxqSCIsImV4cCI6MTYzODkwNDA4MCwiaWF0IjoxNjM4OTAwNDgwLCJqdGkiOiI0NzZhNzllNS00MWNlLTQxOTItYjE4Zi1iZTlkZmZmMGE3NmMiLCJjbGllbnRfaWQiOiIxdWxmdnUycDhhZnN2Z2VwcGdrOXNiMDExcCIsInVzZXJuYW1lIjoiam9obmF1c2NsaWVudCJ9.A9k7T3b3sNTODR5ZOCxarNJaQrtw4W7qV4XD4Tg1WQyyid6cX-A9aLMaadvMUlVbtCTNtjihspZxnIrgfaSfSD_T2TktS8bmI2MArwkHMa-V2v_WJyMJeuP-mBVPkRMb7y7CRjx_TGQkYElnFKcFSbT6fBskFL9h3Pmx1gIsuTpwc2v38KHQP6DgcfSp-o2c16ncNiaYMipTAw_4mTn9I_bhA4iG-zALdJt_1fbzOyJ9L2g1EV_VzqWS8tT8f5qs2jhwui6P2opes0Zn823QcmxQ_rXPby9sO9c9n78FjDsQZ7Iyxt-wEopPpU3h08Fy5bdAsq6_8wLBqNj5MCGy_w",
    "ExpiresIn": 3600,
    "TokenType": "Bearer",
    "RefreshToken": "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.Sw5sJy6AJgQuWuBd61wrlfIfQbvlUc7LM-qcG6skMSFQT-OlbgXZLNabdyiDJB7EfCHPPQiM7cM2hOmjX5e18E_5tImQ8h0fkPNqBO3aq8btkwwWKkrZwfm3vWA8AV-E-ZX0dUsY_clgclitHKhyXuc90wTu-bJYzfRZRMnw0OKvosE7LbLClHXUfjCanjnHMlJ-aKmjqFPb6d2dntS4JL7ecKQ6OtoUQmX1rGcq9sNjf7DA169AYJmHPocVE1eWKJEMG8PPQvPMgdWZ5HIgKkogfS5AWCqk3Gv8D1FNCWkfPbxUR5Rs2lYqZNQU3emYFG2ZeBRTV7BmJfMSUk2fWA.I-16VRZAHUh2qptK.ptO4MjG5F1_7FzCv5r7uWq_sX9V34Paxq1fKpbMqNyfFAPaZV0EfFXJq64n39ssVZWisFZ4F_jEQLi17PtFdgjokSpBWj26IUwZmT9ox2O1mWfDNbAh_QY9_s8hx37PMYkUcSzvex6BTb4aXYOXgwE8fi81t8QWHEe1ha42myYSRP_p8RfaFEM4K-9sS_glN0Gld1xdD428pma5zlSbb-61GVRhkGa0c-tVRlrvWs3diZLsw4XUiJeZwvyq8zgyLb-nnT-6j-dbkwBlvXEF5sRsbyE0FRaOaa-z-crftXYENtWjV-OZyr-RSLN7z3lOts6oBgSHTju6qIIr90w1WcboEuRS2Zm0X-g80hvlRK1fgTN24asFAWFlvxvymcRmP20kj8A-TezbgaLRrLJ2DXiJtwsehSKKy5ljaRaE6bHr5rUX0HGCpuUrzrtC4puqmORrF-qzlnwp-EC44jHEx5s9Tdf0iaBz-rvxyBTZT7nwWNlC36VZLw0TwLTOe3yfSEgQwpBN2ymqd1HzSVHEjyDhp7F8lGc_u3CD7od3HcuxATU2Xf9zPEsWkdU4KhQOrHgmA95yx3VCYNqzYa4h5oiz4ppkkf9I-3HfQYKlJeXQ-QBO0u5i7CX10uPkmlNmVRzN6dykhgUGIW1S5jkuSYYu-u9LHXkC0xfioU6mmduiZXVHNEFCN8sh0om9H8qBN8oto_JV4Q6beuPgJQBg44rgICW1HRquI6FFWmGG3CkTSEb7jwRKJ3ne7Ck1gx18TC70cY4DKncylT5ug5U1S9QBTG3RM1msiyJBA6VC7UxLbY2tMQTJpLnt6uUTgphotsshby7NfhbIju-_wLSsCNo38jaeUBLLqjsSDwo57XYYHcLjkYjha0xfcnqApRoGvEa8G8UKd86SOMUtDss2o8b_UVgQt8fzqp9oqWbfxMXiWiYMbaPXUXLwZdniM3Eg1-yevqm615JSmiIdBdB-ah2KX2sv77ZpNtRjXMX11er-oX9wnYZljmkruDcXtkI5Q-Wli3jOonMDXMtpD-lso52pv-2C51kZJDCbAc8Wmwj80sYiwLk-XmZsJHoZEJvshmynWHnVCvooHm4ulm6d7VEK-msb-IVqk0IocKu-yj7yw1qDKx6HZ1DsoQBERm-F68gf4i_Zeon8ljRzdO_nMiwYwTDu1I4QOhOrfOYU4Gfyv0WXgxJZZucZ32LY8Q8HbEEkKo-gD064aJyT-Hbq7V1WB5cPhOfxv1Jq5V0VIyVhE2aOjibmvog1GK3LJFxVBr90ISDuT43qA_ozuvw.3mfSJz_hirgn5VxZwWIs3A",
    "IdToken": "eyJraWQiOiIrQzFqYkhSZ1ZiZkZHcEh5VzkrTmkwMG50eWtydmkxZmY3eVJQNlUyZDZJPSIsImFsZyI6IlJTMjU2In0.eyJjdXN0b206dGVuYW50SWQiOiJ0ZXN0Iiwic3ViIjoiYWMwNWU5NjEtYWViNi00OTUzLTk1YzctNjYzMDhhZjU0NjgwIiwiYXVkIjoiMXVsZnZ1MnA4YWZzdmdlcHBnazlzYjAxMXAiLCJldmVudF9pZCI6IjhjYWQ3NjVkLWM0YTYtNGE0My1iNjMxLTdmOGUxYzM0ODFiMiIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjM4OTAwNDgwLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb21cL2V1LXdlc3QtMV81ZFFoSzFsakgiLCJjb2duaXRvOnVzZXJuYW1lIjoiam9obmF1c2NsaWVudCIsImV4cCI6MTYzODkwNDA4MCwiaWF0IjoxNjM4OTAwNDgwfQ.QfJXrDSn_nRGrTSQLSxG4aY5G2wxYMJ9-NFhN5lVFmR4MEJxGBlOgN-VdElTMJBYQ54vXpP4Xo2Ch9aMtYd7l-TX1mefSqDdrVVSAQ-dFz7eHtJnGb6aTdq-G73oQxItaHl4S0-vbHrdUou5NS1bw6kvtg27UX8FX18NCv_fd5ZLjcyWxGn4_fF_GDKbwlFX43Uv3DwGJ63Se_PnM8yHwwLCukIsAMzwC86W3Vgq0s9U5n_xTJY4Sf-eVNJ20Dqvz503EwOcGkcQcuUv9NKm3Sg_5LKU0m0dJEBqlDS17sNQfc-aEdEAl2iEXw0Lpi-YJ54T-DC32ImCg2CPni4_Kg"
}
  • AccessToken: Access Token used to execute the other endpoints.
  • ExpiresIn: Provides token expiry time in seconds.
  • TokenType: Implemented token type technology used. The token's endpoint must be appended with the Bearer tag.
  • RefreshToken: The Refresh Token is used with username to generate a new Access Token if required.
  • IdToken: The ID token is a JSON web token (JWT) that contains claims about the identity of the authenticated user such as name, email, and phone_number.

πŸ“˜

Using Acces Token or Id Token

AccessToken or IdToken can be used to access the API. The IdToken has more claims available than the AccessToken.

Please refer Generates Auth Token to test out the endpoint against your staging credentials.

πŸ“˜

Token Validity

Each generated token is valid for 3600 seconds / 24 hours. This value can be retrieved from ExpiresIn field within the response.

Using Authentication Token

Once an authentication token is generated, it can be used for 24 hours to consume any available endpoint. Here is a cURL of using the token for authentication.

curl --location --request GET 'https://api.tradecert2.net/api/v1/cert/CO/58AB7810/issue' \
--header 'Authorization: Bearer eyJraWQiOiJDeHBweFAycjhtSm5xRnVicjVQQm5QU2RoWmFtK1JpakJkcU9CNTlGVVwvdz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhYzA1ZTk2MS1hZ' \
--header 'Content-Type: application/json'

Updated over 1 year ago

What’s Next