Wallet OAuth 2.0 Support

OAuth 2.0  is an authorization framework you can use to provide secure, limited access to the Wallet API. Instead of using a permanent, shared set of Basic Auth credentials, you can request short-lived bearer tokens to use in your API calls.

This method provides better security than Basic Auth, since, if the tokens become public, they can only be used for a short time before they expire. Another benefit is control of permissions. Instead of broad access to the API, OAuth tokens are project-level, and you can select one or more scopes that define which endpoints and operations are authorized for access. You can edit their scopes at any time.

Workflow

Getting an OAuth token for the Wallet API is a two-step process. Put simply, first you create client credentials in your Airship project settings, then you use the credentials to request tokens to use in your API calls.

Need more details? Here you go:

1. Create client credentials in your Airship project settings and specify the scope of permissions to authorize for issued tokens. You can also specify an expiration date and time for the credentials or revoke them later.
2. Request a token using the credentials. In your request, you can restrict a token to specific permission scopes and/or IP addresses. For additional security, you can also use an assertion.
3. Refresh the token before it expires. Keep refreshing until it is no longer needed, or revoke the credentials in the dashboard if you want to disallow further token requests.

An additional important detail about OAuth authorization is that you must use different base URLs than for HTTP Basic Authentication with the Wallet API.

Documentation

Go to Wallet API Security to learn about OAuth and client credentials. To see which scopes apply to endpoints, see the Wallet API Authorization Reference.