PouchCONNECT API implements OAuth 2. Before you can integrate to PouchCONNECT's APIs you must first obtain a client_id and client_secret. For you to acquire these, you must first sign-up or log-in on the CONNECT_WEBSITE. Once you are inside the website, you must create an App. Afterwards you can view both client_id and client_secret when you open the details page of your App.
Authentication
The app that you created will have its own client_id and client_secret. After you have acquired these credentials, next step is to exchange it for a bearer token from the OAUTH_URL through the request below:
Acquiring a Bearer Token
Endpoint
POST <OAUTH_URL>/oauth2/token
Sample Request
curl --location --request POST 'https://staging-auth-connector-pouchnation-com.auth.ap-southeast-1.amazoncognito.com/oauth2/token?grant_type=client_credentials&client_id=uue53f7brb4r75evur9dg2o2o&scope=connector/system+booking/system' \
--header 'Authorization: Basic dXVlNTNmN2JyYjRyNzVldnVyOWRnMm8ybzptM3RoZ3V0MjZxbzIyajl1MWlkMW5ybDRlb3ZlYmcwdmU2OHF2MWxrc25vcXRyMmVxMXA=' \
--header 'Content-Type: application/x-www-form-urlencoded'
Headers
| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Client must pass its client_id and client_secret in the authorization header through Basic HTTP authorization. The secret is Basic Base64Encode(client_id:client_secret) |
| Content-Type | Yes | Must always be application/x-www-form-urlencoded |
Request Parameters
| Request Parameter | Required | Description |
|---|---|---|
| grant_type | Yes | Must always be client_credentials |
| client_id | Yes | Must be your client_id from the CONNECT_WEBSITE. |
| scope | Yes | Must always be connector/system+booking/system |
Sample Response
{
"access_token": "eyJraWQiOiJXZzY0Wndoc3NTSzZXSWdDUkgyamM5dlNUZUl1bHpjNndqblFIekFSYmVBPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ1dWU1M2Y3YnJiNHI3NWV2dXI5ZGcybzJvIiwidG9rZW5fdXNlIjoiYWNjZXNzIiwic2NvcGUiOiJjb25uZWN0b3JcL3VzZXIiLCJhdXRoX3RpbWUiOjE2MzMwNzkzNTIsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1zb3V0aGVhc3QtMS5hbWF6b25hd3MuY29tXC9hcC1zb3V0aGVhc3QtMV9kbW5HNDFVc1ciLCJleHAiOjE2MzMxNjU3NTIsImlhdCI6MTYzMzA3OTM1MiwidmVyc2lvbiI6MiwianRpIjoiYTFkZmVlNmUtMzg1ZC00ODU2LWFiZmMtZDQwMDc3YzQ2YjY1IiwiY2xpZW50X2lkIjoidXVlNTNmN2JyYjRyNzVldnVyOWRnMm8ybyJ9.sohy8CvZww0FPif3ye2MHM2Lv3JW5V-MDZfiOu3b38bJERbLWL4JsEZz5WeOtKtg2QwrIjdMFDdzClJRnnYNnm-GIo81RCfuyayAIimtQuElcGcPiHW6PbiMWD8pPC_Cp0KCyAfcx406hehnWwZKfgaZtZXb3a00ko6-Skt-pRYEr6DKNUbikbLwW3JoI_ULOUySQOoYMN2e4KnEcloN7LTlyXeUnkXRa2-wHNSFs1wdXY2aIDTHbsUPecNCcpSeTIHIlta-kox7pnFg90iGfxtoWmFMLPzHv4cF8vPRYst4cOgTgucXzKtXZCVVESM_utf6on5TE-ykTTzT43QNCQ",
"expires_in": 86400,
"token_type": "Bearer"
}
| Response Parameter | Description |
|---|---|
| access_token | The token that you can use to call PouchCONNECT APIs. |
| expires_in | Token expiration |
| token_type | Token type |
After successfully getting an access token, you can use this token as Bearer authorization header for your succeeding requests in our APIs:
Format for API Call
curl --location --request POST 'https://staging.api.pouchnation.com/<API_ENDPOINT>' \
--header 'Authorization: Bearer BEARER_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"...": "..." // json body
}
'