Authentication Process

DTO API Authentication & Authorization details

Each endpoint within DTO API requires an authentication token that is generated against the user credentials issued to each client. A client application must send a valid token in the Authorization header of the HTTP request to our API. The authentication gateway validates the token and, if the user is successfully authenticated, processes the request.

Please note that while we refer to the DTO APIs, the APIs work for both DTO and essCert.

🚧

Securing User Credentials

Your User Credentials carry many privileges, so be sure to keep them secure! Do not share the credentials in publicly accessible areas such as GitHub, client-side code, and so forth.

Generating Authentication Token

Each client has a valid username and password against which the API provides a valid authentication token. Here is what a typical cURL request looks like to generate an Authentication Token for a valid user.

curl --location --request POST 'https://api.tradecert2.net/auth/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=adamusclient' \
--data-urlencode 'password=diooigdf1989D'

Here is how the access token output looks when requested.

{
    "AccessToken": "eyJraWQiOiJDeHBweFAycjhtSm5xRnVicjVQQm5QU2RoWmFtK1JpakJkcU9CNTlGVVwvdz0iLCJhbGciOiJSUzI1NiJ9.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.A9k7T3b3sNTODR5ZOCxarNJaQrtw4W7qV4XD4Tg1WQyyid6cX-A9aLMaadvMUlVbtCTNtjihspZxnIrgfaSfSD_T2TktS8bmI2MArwkHMa-V2v_WJyMJeuP-mBVPkRMb7y7CRjx_TGQkYElnFKcFSbT6fBskFL9h3Pmx1gIsuTpwc2v38KHQP6DgcfSp-o2c16ncNiaYMipTAw_4mTn9I_bhA4iG-zALdJt_1fbzOyJ9L2g1EV_VzqWS8tT8f5qs2jhwui6P2opes0Zn823QcmxQ_rXPby9sO9c9n78FjDsQZ7Iyxt-wEopPpU3h08Fy5bdAsq6_8wLBqNj5MCGy_w",
    "ExpiresIn": 3600,
    "TokenType": "Bearer",
    "RefreshToken": "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.Sw5sJy6AJgQuWuBd61wrlfIfQbvlUc7LM-qcG6skMSFQT-OlbgXZLNabdyiDJB7EfCHPPQiM7cM2hOmjX5e18E_5tImQ8h0fkPNqBO3aq8btkwwWKkrZwfm3vWA8AV-E-ZX0dUsY_clgclitHKhyXuc90wTu-bJYzfRZRMnw0OKvosE7LbLClHXUfjCanjnHMlJ-aKmjqFPb6d2dntS4JL7ecKQ6OtoUQmX1rGcq9sNjf7DA169AYJmHPocVE1eWKJEMG8PPQvPMgdWZ5HIgKkogfS5AWCqk3Gv8D1FNCWkfPbxUR5Rs2lYqZNQU3emYFG2ZeBRTV7BmJfMSUk2fWA.I-16VRZAHUh2qptK.ptO4MjG5F1_7FzCv5r7uWq_sX9V34Paxq1fKpbMqNyfFAPaZV0EfFXJq64n39ssVZWisFZ4F_jEQLi17PtFdgjokSpBWj26IUwZmT9ox2O1mWfDNbAh_QY9_s8hx37PMYkUcSzvex6BTb4aXYOXgwE8fi81t8QWHEe1ha42myYSRP_p8RfaFEM4K-9sS_glN0Gld1xdD428pma5zlSbb-61GVRhkGa0c-tVRlrvWs3diZLsw4XUiJeZwvyq8zgyLb-nnT-6j-dbkwBlvXEF5sRsbyE0FRaOaa-z-crftXYENtWjV-OZyr-RSLN7z3lOts6oBgSHTju6qIIr90w1WcboEuRS2Zm0X-g80hvlRK1fgTN24asFAWFlvxvymcRmP20kj8A-TezbgaLRrLJ2DXiJtwsehSKKy5ljaRaE6bHr5rUX0HGCpuUrzrtC4puqmORrF-qzlnwp-EC44jHEx5s9Tdf0iaBz-rvxyBTZT7nwWNlC36VZLw0TwLTOe3yfSEgQwpBN2ymqd1HzSVHEjyDhp7F8lGc_u3CD7od3HcuxATU2Xf9zPEsWkdU4KhQOrHgmA95yx3VCYNqzYa4h5oiz4ppkkf9I-3HfQYKlJeXQ-QBO0u5i7CX10uPkmlNmVRzN6dykhgUGIW1S5jkuSYYu-u9LHXkC0xfioU6mmduiZXVHNEFCN8sh0om9H8qBN8oto_JV4Q6beuPgJQBg44rgICW1HRquI6FFWmGG3CkTSEb7jwRKJ3ne7Ck1gx18TC70cY4DKncylT5ug5U1S9QBTG3RM1msiyJBA6VC7UxLbY2tMQTJpLnt6uUTgphotsshby7NfhbIju-_wLSsCNo38jaeUBLLqjsSDwo57XYYHcLjkYjha0xfcnqApRoGvEa8G8UKd86SOMUtDss2o8b_UVgQt8fzqp9oqWbfxMXiWiYMbaPXUXLwZdniM3Eg1-yevqm615JSmiIdBdB-ah2KX2sv77ZpNtRjXMX11er-oX9wnYZljmkruDcXtkI5Q-Wli3jOonMDXMtpD-lso52pv-2C51kZJDCbAc8Wmwj80sYiwLk-XmZsJHoZEJvshmynWHnVCvooHm4ulm6d7VEK-msb-IVqk0IocKu-yj7yw1qDKx6HZ1DsoQBERm-F68gf4i_Zeon8ljRzdO_nMiwYwTDu1I4QOhOrfOYU4Gfyv0WXgxJZZucZ32LY8Q8HbEEkKo-gD064aJyT-Hbq7V1WB5cPhOfxv1Jq5V0VIyVhE2aOjibmvog1GK3LJFxVBr90ISDuT43qA_ozuvw.3mfSJz_hirgn5VxZwWIs3A",
    "IdToken": "eyJraWQiOiIrQzFqYkhSZ1ZiZkZHcEh5VzkrTmkwMG50eWtydmkxZmY3eVJQNlUyZDZJPSIsImFsZyI6IlJTMjU2In0.eyJjdXN0b206dGVuYW50SWQiOiJ0ZXN0Iiwic3ViIjoiYWMwNWU5NjEtYWViNi00OTUzLTk1YzctNjYzMDhhZjU0NjgwIiwiYXVkIjoiMXVsZnZ1MnA4YWZzdmdlcHBnazlzYjAxMXAiLCJldmVudF9pZCI6IjhjYWQ3NjVkLWM0YTYtNGE0My1iNjMxLTdmOGUxYzM0ODFiMiIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjM4OTAwNDgwLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb21cL2V1LXdlc3QtMV81ZFFoSzFsakgiLCJjb2duaXRvOnVzZXJuYW1lIjoiam9obmF1c2NsaWVudCIsImV4cCI6MTYzODkwNDA4MCwiaWF0IjoxNjM4OTAwNDgwfQ.QfJXrDSn_nRGrTSQLSxG4aY5G2wxYMJ9-NFhN5lVFmR4MEJxGBlOgN-VdElTMJBYQ54vXpP4Xo2Ch9aMtYd7l-TX1mefSqDdrVVSAQ-dFz7eHtJnGb6aTdq-G73oQxItaHl4S0-vbHrdUou5NS1bw6kvtg27UX8FX18NCv_fd5ZLjcyWxGn4_fF_GDKbwlFX43Uv3DwGJ63Se_PnM8yHwwLCukIsAMzwC86W3Vgq0s9U5n_xTJY4Sf-eVNJ20Dqvz503EwOcGkcQcuUv9NKm3Sg_5LKU0m0dJEBqlDS17sNQfc-aEdEAl2iEXw0Lpi-YJ54T-DC32ImCg2CPni4_Kg"
}
  • AccessToken: Access Token used to execute the other endpoints.
  • ExpiresIn: Provides token expiry time in seconds.
  • TokenType: The type of token issued. The token must be sent with the Bearer prefix.
  • RefreshToken: The Refresh Token is used with the username to generate a new Access Token if required.
  • IdToken: The ID token is a JSON web token (JWT) that contains claims about the identity of the authenticated user such as name, email, and phone_number.

📘

Using Access Token or Id Token

AccessToken or IdToken can be used to access the API. The IdToken has more claims available than the AccessToken.

Please refer to Generates Auth Token to test the endpoint against your staging credentials.

📘

Token Validity

Each generated token is valid for 3600 seconds / 24 hours. This value can be retrieved from the ExpiresIn field within the response.

Using Authentication Token

Once an authentication token is generated, it can be used for 24 hours to consume any available endpoint. Here is a cURL request that uses the token for authentication.

curl --location --request GET 'https://api.tradecert2.net/api/v1/cert/CO/58AB7810/issue' \
--header 'Authorization: Bearer eyJraWQiOiJDeHBweFAycjhtSm5xRnVicjVQQm5QU2RoWmFtK1JpakJkcU9CNTlGVVwvdz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhYzA1ZTk2MS1hZ' \
--header 'Content-Type: application/json'
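
An added example (not part of the DTO API documentation or any official client): a Python client that requests the token with the form fields shown above, reuses it until shortly before ExpiresIn elapses, and builds the Authorization header. The environment variable names DTO_API_USERNAME and DTO_API_PASSWORD, the TokenCache class and the 60-second renewal margin are assumptions made for illustration.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.tradecert2.net/auth/v1/token"  # endpoint from the page


def fetch_token(username, password, url=TOKEN_URL):
    """POST the password grant as a form body, mirroring the cURL call."""
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    req = urllib.request.Request(
        url, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hold one token and request a new one shortly before it expires."""

    def __init__(self, fetch, clock=time.monotonic, skew=60):
        self._fetch = fetch          # callable returning the token JSON
        self._clock = clock          # injectable so expiry can be tested
        self._skew = skew            # renew this many seconds early (assumption)
        self._token = None
        self._expires_at = 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            data = self._fetch()
            if data.get("TokenType") != "Bearer" or not data.get("AccessToken"):
                raise ValueError("unexpected token response")  # never log the token
            self._token = data["AccessToken"]
            # Trust ExpiresIn from the response, not a hard-coded lifetime.
            self._expires_at = self._clock() + int(data["ExpiresIn"]) - self._skew
        return {"Authorization": "Bearer " + self._token}


def cache_from_env():
    """Read credentials from the environment so they never sit in source code."""
    user = os.environ["DTO_API_USERNAME"]   # hypothetical variable name
    pwd = os.environ["DTO_API_PASSWORD"]    # hypothetical variable name
    return TokenCache(lambda: fetch_token(user, pwd))
```

Pass the dictionary returned by auth_header() as the request headers on each API call; the cache then contacts the token endpoint only when the current token is about to expire.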