This type of authorization is universal and can be used for all version of our APIs. |
Authorization is the same for every API method. Access token, required for authorization, is generated by request to IDM. Token validity is returned in expires_in field of response (value is in seconds). It is recommended to refresh token when there is less than 10 percent of its lifetime remaining. Authorization requires login information:
client_id
client_secret
username
password
Login information is provided by Alza for both test and production environments.
curl --location --request POST "https://identitymanagement.phoenix.alza.cz/connect/token" --header "Accept: application/json" --header "Content-Type: application/x-www-form-urlencoded" --data-urlencode "grant_type=password" --data-urlencode "scope=konzole_access" --data-urlencode "client_id=xxxCLIENT_IDxxx" --data-urlencode "client_secret=xxxCLIENT_SECRETxxx" --data-urlencode "username=xxxPARTNERxxx" --data-urlencode "password=xxxPASSWORDxxx" |
{ "access_token": "eyJ...", "expires_in": 3600, "token_type": "Bearer", "scope": "konzole_access" } |