Reseller API Authentication

The reseller API is protected by a machine-to-machine OAuth2 flow. In this setup the client uses a long-lived client_id and client_secret to perform a credential exchange with Auth0 to get a short-lived token, which is then used to authenticate with the API.

Four parameters are required to retrieve a token:

  • Client ID
  • Client Secret
  • Authentication URL
  • Audience

Contact Identrust to get these values. Typical/sample values are used in the examples below.

An example credential exchange and access is as follows:

# use curl to get token
curl --request POST \
--url https://hues-dev.us.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{
"client_id":"u87YlPTpVktXobqxLhzbcAT0qeL48jMz",
"client_secret":"_ABC123...XYZ_",
"audience":"https://reseller.cms.dev.identrust.com/reseller",
"grant_type":"client_credentials"
}'

This will return:

{
"access_token": "eyJh...",
"scope": "reseller read:order write:order read:authorization write:authorization read:certificate write:certificate read:challenge write:challenge read:account write:account",
"expires_in": 86400,
"token_type": "Bearer"
}

The access_token value can then be used to authenticate through Swagger UI (OAuth Login).

Or it can be sent with reseller requests via the Authorization: Bearer ... header:

curl -X 'GET' \
'http://localhost:9090/certificates?customerEmail=user%40example.com' \
-H 'accept: application/json' \
-H 'Authorization: Bearer eyJ...'