Authorization

Authentication is the process of verifying the identity of a client before allowing it to access the API. API authentication is essential to ensure that transactions made via API calls are secure and protected. It prevents unauthorized access, protects sensitive data and maintains the integrity of operations.

This article introduces the Authorization API and the related authorization error codes.

Authorization API

Type of Authentication

The Item API uses OAuth token-based authentication: the token is passed in the “Authorization” header on each API call. This method generates an encrypted token, which is then used to authenticate each request.

API - Request Login Token

Data Structure

  • API Path: POST /user/login
  • Body Request:

| Body Parameter | Required | Description |
| --- | --- | --- |
| username | Y | “edi001” |
| password | Y | “your password” |

  • Return: Login Token

Example

For every API request, ensure you pass your unique authentication token in the request header. If the token is invalid or missing, the request will be denied and an appropriate error message will be returned.

The following is an example of a successful request:

API URL: https://wms.item.com/api/bam/v1/public/user/login
Request:

curl --location --request POST 'https://stagesaas.opera8.com/api/bam/v1/public/user/login' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "edi001",
    "password": "your password"
}'

The return is shown in the image below:
[Image: Return]

Authorization Errors

Error codes signal issues related to authentication (verifying identity) or authorization (permissions to access specific resources). The codes provide insight into why a request failed and help guide corrective action. The table below lists common API authorization error codes along with their descriptions.

| Error Code | Reason | Description |
| --- | --- | --- |
| 401 | Unauthorized | Authentication is required and has failed or not been provided. |
| 403 | Forbidden | The user authenticated successfully but is not authorized to access the resource. |
| 498 | Invalid Token | The access token provided is invalid or expired. |
| 499 | Token Required | No authentication token was provided in the request. |
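
One way a client can act on these codes, as an added example that is not part of the Item documentation: on 498 it discards the token and logs in again once, while 401, 403, 499 and a repeated 498 are raised to the caller instead of being retried. The names `TokenClient`, `AuthError` and `fake_backend` are hypothetical, the login and send functions are injected so no response layout is assumed, and sending the raw token as the header value is an assumption.

```python
from typing import Callable, Dict, Optional, Tuple

# Reasons copied from the error table on this page.
REASONS = {401: "Unauthorized", 403: "Forbidden", 498: "Invalid Token", 499: "Token Required"}

class AuthError(Exception):
    def __init__(self, status: int):
        super().__init__(f"{status} {REASONS[status]}")
        self.status = status

class TokenClient:
    """login() wraps POST /user/login and returns the token string;
    send(path, headers) performs one request and returns (status, body)."""

    def __init__(self, login: Callable[[], str],
                 send: Callable[[str, Dict[str, str]], Tuple[int, str]]):
        self._login, self._send = login, send
        self._token: Optional[str] = None

    def call(self, path: str) -> str:
        for attempt in (1, 2):            # at most one re-login per call
            if self._token is None:
                self._token = self._login()
            # Assumption: the raw token is the header value (no scheme prefix).
            status, body = self._send(path, {"Authorization": self._token})
            if status == 498 and attempt == 1:
                self._token = None        # invalid or expired: drop it, log in again
                continue
            if status in REASONS:         # 401/403/499 or a second 498: never loop
                raise AuthError(status)
            return body

def fake_backend():
    """Constructed test double: 'tok-1' is expired, 'tok-2' is valid, /admin is forbidden."""
    issued = []
    def login():
        issued.append(f"tok-{len(issued) + 1}")
        return issued[-1]
    def send(path, headers):
        if headers.get("Authorization") != "tok-2":
            return 498, ""
        return (403, "") if path == "/admin" else (200, "ok")
    return login, send, issued

if __name__ == "__main__":
    login, send, issued = fake_backend()
    client = TokenClient(login, send)
    print(client.call("/orders"), "after", len(issued), "logins")
```

Capping the retry at one re-login keeps a revoked account or a wrong credential from turning into a login loop against `/user/login`.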