Skip to content

Client Login

Overview

POST /oauth/token

The first request to the huggg API will always be a "client authentication" request. This is an oauth request which authenticates the client application using the API. Client credentials are issued to each party who wishes to use the API.

The response contains a Bearer token that should be provided in the Authorization header of subsequent requests to the api.

Note that, when logging in as a user (be that a customer or merchant account), a valid client token will be required.

When the token expires, subsequent requests using that token will generate a HTTP 401 response. At this point, the login process should be repeated in order to obtain a valid token.

Request

Data Parameters

Note: The client code and secret are provided by huggg. Please contact us if you would like to request access.

Key Value Description
grant_type client_credentias REQUIRED
client_id String REQUIRED The client ID as provided by huggg
client_secret String REQUIRED The client secret as provided by huggg

Example

HTTP POST /oauth/token
Content-Type: application/json

{
    "grant_type": "client_credentials",
    "client_id": "abc",
    "client_secret": "xyz"
}

Response

Examples

HTTP/1.1 200 OK

{
    "token_type" : "Bearer",
    "expires_in" : 3600,
    "access_token" : "nRC9jT/Q5E+SkeF4RqmJ6A=="
}
HTTP/1.1 401 Unauthorized

{
    "error": "Authentication failed."
}