Authorization

Authentication is the process of verifying the identity of a client before allowing them to access the API. To ensure that transaction made via API calls are secure and protected, API authentication is essential. This prevents unauthorized access, protects sensitive data and maintains the integrity of operations.

This article introduces the Authorization API and related authorization error code.

Authorization API

Type of Authentication

Item API applies OAuth Token-based Authentication method, passing token in header “Authorization” when making API calls. This method generates an encrypted token, then the token is used for authentication in each request.

API - Request Login Token

Data Structure

• API Path: POST /user/login
• Body Request:

• Return: Login Token

Example

For every API request, ensure you pass your unique authentication token in the request header. If the token is invalid or missing, the request will be denied and an appropriate error message will be returned.

Take a successful request as an example below:

API URL: https://wms.item.com/api/bam/v1/public/user/login
Request:

curl --location --request POST 'https://stagesaas.opera8.com/api/bam/v1/public/user/login' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "edi001",
    "password": "your password"
}'

Return as the image below:

Authorization Errors

Error codes signal issue related to authentication (verifying identity) or authorization ( permissions to access specific resources). The codes provide insight into why the request fails, helping to guide corrective actions. Here is a table listing common API authorization error codes along with their descriptions.