Authorization

This type of authorization is universal and can be used for all version of our APIs.

Authorization is the same for every API method. Access token, required for authorization, is generated by request to IDM. Token validity is returned in expires_in field of response (value is in seconds). It is recommended to refresh token when there is less than 10 percent of its lifetime remaining. Authorization requires login information:

client_id
client_secret
username
password

Login information is provided by Alza for both test and production environments.

Request

curl 
 --location 
 --request POST "https://identitymanagement.phoenix.alza.cz/connect/token" 
 --header "Accept: application/json" 
 --header "Content-Type: application/x-www-form-urlencoded" 
 --data-urlencode "grant_type=password" 
 --data-urlencode "scope=konzole_access" 
 --data-urlencode "client_id=xxxCLIENT_IDxxx" 
 --data-urlencode "client_secret=xxxCLIENT_SECRETxxx"
 --data-urlencode "username=xxxPARTNERxxx"
 --data-urlencode "password=xxxPASSWORDxxx"

Response

{
    "access_token": "eyJ...",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "konzole_access"
}