The server uses the OAuth 2.0 authorization protocol over HTTPS.

1. Login

Point the user to the login page, where the user authorizes future requests by completing the login policy.

Endpoint:
GET /oauth2_login

Headers:
Content-Type:application/x-www-form-urlencoded

Query: 
response_type=code
client_id={app’s client_id}
redirect_uri={callback uri}

2. Receiving the one-time access code

After the login process is completed, the server will redirect the user to the provided redirect_uri with the generated access code.

Endpoint:
HTTP/1.1 302 Found
Headers:
Location: {redirect_uri}

Query: 
code={generated one time access code}

3. Retrieving an access token

Authentication token endpoint: POST /api/auth/token

If authentication succeeds, you'll receive an access token that must be provided to every other API endpoint.

Example Request

Endpoint:
POST /api/auth/token

Headers:
Content-Type:application/json

Body:
{
  "grant_type": "authorization_code",
  "scope": "jobs offline.access",
  "client_id": "7B4CD3C2-F57E-4D52-A90A-23EED001CE81",
  "client_secret": "89fbf537fe689fca26f67abae7a557106f4348d5",
  "code": "89fbf537fe689fca26f67abae7a557106f4348d5",
  "redirect_uri": "{callback uri}",
  "state": "37fe689fc"
}

Example Response

{
	"access_token": "your_bearer_token",
	"token_type": "Bearer",
	"expires_in": 1800,
	"scope": "jobs offline.access",
	"refresh_token": "your_refresh_token"
}
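
Client-side sketch of steps 1-3, added here as an example (not code from this API's documentation or its vendor). It builds the login URL, accepts the one-time code only from the app's own callback, builds the token request, and turns expires_in into an absolute deadline. Assumptions: the host names api.example.com and app.example.com are placeholders, and the token is sent to other endpoints in an Authorization: Bearer header, as token_type suggests.

```python
import json
import time
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

BASE = "https://api.example.com"                   # assumption: placeholder API host
REDIRECT_URI = "https://app.example.com/callback"  # assumption: the app's registered callback

def login_url(client_id):
    """Step 1: URL the user's browser is sent to."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI})
    return f"{BASE}/oauth2_login?{query}"

def code_from_callback(callback_url):
    """Step 2: take the code only from our own callback, and only if it appears once."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(client_id, client_secret, code, state):
    """Step 3: built and sent server-side so client_secret never reaches the browser."""
    body = {"grant_type": "authorization_code", "scope": "jobs offline.access",
            "client_id": client_id, "client_secret": client_secret,
            "code": code, "redirect_uri": REDIRECT_URI, "state": state}
    return Request(f"{BASE}/api/auth/token", data=json.dumps(body).encode(),
                   headers={"Content-Type": "application/json"}, method="POST")

def parse_token_response(raw, now=None):
    """Check the response shape and convert expires_in to an absolute deadline."""
    tok = json.loads(raw)
    if tok.get("token_type") != "Bearer" or not tok.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    # Assumption: other endpoints take the token as a standard Bearer header.
    return {"auth_header": {"Authorization": f"Bearer {tok['access_token']}"},
            "expires_at": now + int(tok["expires_in"]),
            "refresh_token": tok.get("refresh_token")}
```

Pass the returned Request to urllib.request.urlopen to perform the exchange; refresh or re-authenticate before expires_at rather than waiting for a rejected call.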