Authentication

To access the APIs, the client must be authorised with a token. The authorisation token is generated through OAuth2 from a client ID together with a secret key. These are given to the customer once the technical consultant from CatalystOne has finished configuring the web service in the CatalystOne application.

The activity diagram below illustrates the dataflow to generate an access token:

The token has a default lifetime of 1 hour, but this can also be configured per client. With every request for a token, the previous token is invalidated and a fresh token is issued. The client is expected to request a token once, as depicted in the illustration above, and to keep that token for all subsequent requests made by that client for the remaining lifespan of the token.
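
The reuse rule above, as an added example (not CatalystOne's code): a thread-safe cache that requests a token once and renews it only near expiry, so concurrent workers never invalidate each other's tokens. `fetch_token`, the 30-second renewal margin and `FakeIssuer` are assumptions; the actual token request is not shown on this page.

```python
import threading
import time


class TokenCache:
    """Keeps one access token and renews it only when it is close to expiry."""

    def __init__(self, fetch_token, skew=30.0, clock=time.monotonic):
        # fetch_token: hypothetical callable -> (access_token, lifetime_seconds)
        self._fetch = fetch_token
        self._skew = skew  # assumed margin: renew this many seconds early
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        # One lock around check-and-fetch: concurrent callers cause a single
        # token request. A second request would invalidate the first token.
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                self._token, lifetime = self._fetch()
                self._expires_at = self._clock() + lifetime
            return self._token

    def invalidate(self, rejected):
        # Call when the API rejects a token. A stale token is ignored so a late
        # rejection cannot discard a token that was already renewed.
        with self._lock:
            if rejected == self._token:
                self._token = None


class FakeIssuer:
    """Constructed stand-in for the token service, for offline runs."""

    def __init__(self, lifetime=3600):
        self.lifetime, self.issued, self.valid = lifetime, 0, None

    def issue(self):
        # Mirrors the documented rule: a new token replaces the previous one.
        self.issued += 1
        self.valid = f"token-{self.issued}"
        return self.valid, self.lifetime
```

Share one `TokenCache` per client ID across all threads and processes that can reach it; two independent caches for the same client would keep invalidating each other.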