
Authentication

Overview

The OAuth 2.0 authorization framework is a protocol that allows a user to grant a third-party application access to the user's protected resources, without necessarily revealing their long-term credentials or even their identity.

OAuth introduces an authorization layer and separates the role of the client from that of the resource owner. In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner. Instead of using the resource owner's credentials to access protected resources, the client obtains an access token, a string denoting a specific lifetime and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client then uses the access token to access the protected resources hosted by the resource server.

ILS generates access tokens for API authorization scenarios, in JSON web token (JWT) format.

Basic Information

  • Schemes : HTTPS
  • Host : api.ils.live
  • Consumes : application/json
  • Produces : application/json

Operations

Paths

generateToken

  • POST /api/oauth/token

Description

Returns the JSON web token (JWT) access token.

Parameters

  • Type : Body
  • Name : body (required)
  • Description : The request schema for the generateToken operation.
  • Schema : OAuth Request Schema

{
    "clientId": "xxxxxxxxxxx",
    "clientSecret": "xxxxxxxxxx"
}

Responses

HTTP Code Description Schema
200 Success.

Headers:
  • X-Rate-Limit-Limit (number): The maximum number of API calls.
  • X-Rate-Limit-Remaining (number): The remaining number of API calls.
  • X-Rate-Limit-Reset (number): The time interval to reset the API call count.
OAuth Response Schema

{
    "access_token": "xxxxxxxxxxxxxxxxxxxxx",
    "expires_in": 7200,
    "token_type": "bearer"
}
    
400 Bad Request.

Headers:
  • X-Rate-Limit-Limit (number): The maximum number of API calls.
  • X-Rate-Limit-Remaining (number): The remaining number of API calls.
  • X-Rate-Limit-Reset (number): The time interval to reset the API call count.
Error Status Info Schema

{
    "statusCode": "Bad Request",
    "statusInfoSet": {
        "ils_codeMajor": "failure",
        "ils_codeMinor": "invalid data",
        "ils_codeSeverity": "error",
        "ils_description": "Invalid data posted in the request payload."
    }
}
401 Unauthorized.

Headers:
  • X-Rate-Limit-Limit (number): The maximum number of API calls.
  • X-Rate-Limit-Remaining (number): The remaining number of API calls.
  • X-Rate-Limit-Reset (number): The time interval to reset the API call count.
Error Status Info Schema

{
    "statusCode": "Unauthorized",
    "statusInfoSet": {
        "ils_codeMajor": "failure",
        "ils_codeMinor": "unauthorized",
        "ils_codeSeverity": "error",
        "ils_description": "Invalid client credentials provided."
    }
}
429 Too Many Requests.

Headers:
  • X-Rate-Limit-Limit (number): The maximum number of API calls.
  • X-Rate-Limit-Remaining (number): The remaining number of API calls.
  • X-Rate-Limit-Reset (number): The time interval to reset the API call count.
Error Status Info Schema

{
    "statusCode": "Too Many Requests",
    "statusInfoSet": {
        "ils_codeMajor": "failure",
        "ils_codeMinor": "too many requests",
        "ils_codeSeverity": "error",
        "ils_description": "Quota exceeded. Maximum allowed: 120 per minute. Please try again in 38 second(s)."
    }
}
        
500 Internal Server Error.

Headers:
  • X-Rate-Limit-Limit (number): The maximum number of API calls.
  • X-Rate-Limit-Remaining (number): The remaining number of API calls.
  • X-Rate-Limit-Reset (number): The time interval to reset the API call count.
Error Status Info Schema

{
    "statusCode": "Internal Server Error",
    "statusInfoSet": {
        "ils_codeMajor": "failure",
        "ils_codeMinor": "system failure",
        "ils_codeSeverity": "error",
        "ils_description": "Exception Occurred."
    }
}
        

Schemas

OAuth Request

Field Required Type Description
clientId string The Client Identifier.
clientSecret string The Client Secret.

OAuth Response

Field Type Description
access_token string JSON web token (JWT) access token.
expires_in number The token lifetime in seconds.
token_type string The token type. bearer

Error Status Info

Field Type Description
errors list List of error message objects.
errors\location string Location of the error message. Ideally this is a field where the error occurred.
errors\reason string The reason for the error.
errors\message string Detailed error description.
statusCode string The HTTP Status Code for the response.
statusInfoSet\ils_codeMajor string The possible values are: success, failure.
statusInfoSet\ils_codeMinor string The possible values are: full success, partial success, unknown object, invalid data, unauthorized, forbidden, server_busy.
statusInfoSet\ils_codeSeverity string The possible values are: status, error, warning.
statusInfoSet\ils_description string A text string providing a human readable description of the error that happened.
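
Example client

The following is an added example, not code from ILS: a token cache that calls generateToken only when the cached token is near expiry, so the client secret is sent as rarely as possible and the per-minute quota is not spent on repeat requests. Errors are surfaced from the Error Status Info body. Assumptions: X-Rate-Limit-Reset is a number of seconds, resource calls take the token in an Authorization: Bearer header (RFC 6750), and the TokenCache, TokenError and http_post names are hypothetical.

```python
import json
import time
import urllib.error
import urllib.request

TOKEN_URL = "https://api.ils.live/api/oauth/token"  # host and path from this page


class TokenError(Exception):
    """Carries ils_codeMinor / ils_description from an Error Status Info body."""
    def __init__(self, status, body, retry_after=None):
        info = body.get("statusInfoSet", {})
        self.status, self.minor = status, info.get("ils_codeMinor")
        self.retry_after = retry_after  # seconds; set only for 429
        super().__init__(f"{status} {self.minor}: {info.get('ils_description')}")


def http_post(url, payload):
    """Default transport: (status, lower-cased headers, parsed JSON body)."""
    req = urllib.request.Request(url, json.dumps(payload).encode(),
                                 {"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return r.status, {k.lower(): v for k, v in r.headers.items()}, json.load(r)
    except urllib.error.HTTPError as e:
        return e.code, {k.lower(): v for k, v in e.headers.items()}, json.load(e)


class TokenCache:
    """Reuses the bearer token until `skew` seconds before it expires."""
    def __init__(self, client_id, client_secret, post=http_post, clock=time.time, skew=60):
        self._creds = {"clientId": client_id, "clientSecret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token and self._clock() < self._expires_at - self._skew:
            return self._token
        status, headers, body = self._post(TOKEN_URL, self._creds)
        if status == 429:  # assumption: the reset header is in seconds
            raise TokenError(status, body, float(headers.get("x-rate-limit-reset", 60)))
        if status != 200 or body.get("token_type", "").lower() != "bearer":
            raise TokenError(status, body)  # 401 is not retried: the credentials are wrong
        self._token = body["access_token"]
        self._expires_at = self._clock() + body["expires_in"]
        return self._token

    def auth_header(self):
        # Assumed RFC 6750 usage for calls to the resource server.
        return {"Authorization": "Bearer " + self.get()}
```

TokenError's message contains only the status and the server's description, never the request payload, so logging it does not expose the client secret.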