The provided web services use OAuth 2.0 with both client application and user credentials for security. The client application authentication can be requested from Urbanise to allow your client to connect. Either authorisation code grant or resource owner password credentials grant OAuth clients can be configured. The user credentials are entered in the Plaza systems screen. This can be configured by your Plaza administrator.
For password grant authentication clients, the token request url is
POST <base url>/oauth-agent/oauth/token
Client authentication details are sent as basic authentication using the Authorization header.
The end user details are sent as body parameters. ie:
grant_type=password&username={username}&password={password}
Response:
{ "access_token" : "...", "token_type" : "...", "expires_in" : "...", "refresh_token" : "...",}A refresh token may or may not be returned depending on client configuration.
API requests must include the access token in the Authorization header with a type of Bearer.