Cloud Appointments API requires authentication, to obtain access clients need to have an access token . This is accomplished by utilizing the standard OAuth2 Client Credentials flow. To obtain an access token you must first have a ClientID and a ClientSecret in place, which your QMATIC representative will provide you with.
Access Permissions
To achieve fine grained access control, your access token needs to be decorated with a set of scopes. The scopes are requested when an access token is requested. The table below describes the different scopes that are supported and can be requested, provided to client.
Scope | Description |
|---|---|
| Grants access to |
| Grants access to |
| Grants access to |
Retrieve access token
Before you begin, you need to base64 encode your clientId and clientSecret which your QMATIC representative will provide you with.
BASIC_AUTH=$(echo -n "${CLIENT_ID}:${CLIENT_SECRET}" | base64)
Your clientId and clientSecret should be kept secret and should never exposed in
an end user’s browser for example.
This curl command exemplifies the retrieval of an access token.
curl -H "Authorization: Basic ${BASIC_AUTH}" -H "Content-Type: application/x-www-form-urlencoded" -H "X-ACCOUNT: ${ACCOUNT_NAME}"-d "grant_type=client_credentials&scope=${SCOPES}"-X POST https://api.eu-west-1.qmatic.io/oauth2/token
${SCOPES} must be space-separated if multiple scopes are requested. ${ACCOUNT_NAME} should be replaced by the name of your QMATIC account in lowercase with any spaces
stripped off.
The above command will yield:
{"access_token":"...","expires_in":3600,"token_type":"Bearer"}
The default expiration for an access token is set to 1 hour which means that a new access token
need to be refreshed every hour.
0 Comments