Opportunity @ Work APIs use OAuth 2.0 for secure authentication. OAuth 2.0 is an industry-standard protocol that allows applications to obtain limited access to user accounts on an HTTP service. The process involves the following steps:
Client ID and Client Secret:
Your application will receive a Client ID and Client Secret when you register with Opportunity @ Work APIs. These credentials are used to identify your application and authenticate your requests.
Access Token Request:
To obtain an access token, your application will send a POST request to the token endpoint. This request must include the Client ID, Client Secret, grant type, and other necessary parameters. Here's an example of such a request:
POST /star_mobility_data_model/authentication HTTP/1.1 Host: api.opportunityatwork.org Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET
Access Token Response:
If the request is valid, the authorization server will respond with an access token. This token must be included in the header of subsequent API requests to authenticate and authorize access. Here's an example of a successful response:
{ "access_token": "YOUR_ACCESS_TOKEN", "token_type": "Bearer", "expires_in": 3600 }
Using the Access Token:
Include the access token in the Authorization header of your API requests to access protected resources. Example:
GET /star_mobility_data_model/jobs HTTP/1.1 Host: api.opportunityatwork.org Authorization: Bearer YOUR_ACCESS_TOKEN
By following these steps, your application can securely interact with Opportunity @ Work APIs using OAuth 2.0. For more details, please refer to the full OAuth 2.0 documentation.