Your browser does not support Java Script or javascript is disabled. Please ensure that your browser supports it for full compatibility with our services.

Oauth Authentication

Oauth Authentication

Introduction 

In order to access services which require authentication, an OAuth2 token has to be passed as a parameter to such a service. The token is obtained during the authentication process which is described below. Two parties are involved in this process:

  • client – a company or individual who integrates their software with Ship2Anywhere,

  • user – a particular Ship2Anywhere user on behalf who authentication is performed.

1. Login page display

First step of authentication is a request from user's web browser. URL the browser visits contains the client_idGET parameter. The login page is displayed at this step.

Request

Method

GET

URL

https://www.ship2anywhere.com.au/oauth2/authorize/ for Production
OR
https://www.s2asandbox.com/oauth2/authorize/ for Sandbox

Parameters

response_type

required

Currently, this field should contain a text “code”.

client_id

required

Generated by the client on Ship2Anywhere website.

redirect_uri

optional

CChanges redirect URI given by user during creation of ID.

 

Example

 

Note: “www” has to be present in this URL, otherwise it may fail to work properly.

2. User logs in and grants permission

At this stage the user logs in and they are asked for authorization to access their account data.

3. Redirect to given location

After granting permission to a client's application, the user's browser is redirected to a location given during the OAuth2 keys generation by the client. The redirect location URL contains a code parameter which the client's application should exchange for a token in the next stage.

Request

Method

GET

URL

Provided during key generation

Parameters

code

Used in next step to obtain an access token

state

empty

Example

http://test.example.com?state=&code=3c3f88b40aa6f9aa0ac42ba145c079135bdce280

4. Exchange code for token

In the final stage the client's application exchanges a code for the access token. In order to do this, it sends a POST request which contains the client_id, client_secret and previously obtained code.

Request

Method

POST

URL

https://api.ship2anywhere.com/oauth2/access_token/ for Production
OR
https://api.s2asandbox.com/oauth2/access_token/ for Sandbox

Parameters

code

Code obtained in the previous step

client_id

Generated on the Ship2Anywhere website

client_secret

Generated on the Ship2Anywhere website

grant_type

Currently text “authorization_code”

Example

POST

code=3c3f88b40aa6f9aa0ac42ba145c079135bdce280&client_secret=d238d6a55031354a26ff77d51659eff0acab2f22&grant_type=authorization_code&client_id=26c333126488ebc80c27

 

Response is a JSON data containing token plus some additional information:

{
    "access_token": "158f05ec811d1b1487fc49366613b56d05115c46",
    "scope": "read",
    "expires_in": 86399,
    "refresh_token": "f744fac3fdf52af6e01a0901a00fa531a4474e31"
}

After successfully obtaining an OAuth2 token, the client's application can call the Ship2Anywhere services on behalf a user who has just been authorized.

Important:

A client's application should always obtain a separate token for each user.