Authorization
Authentication is the process of verifying the identity of a client before allowing them to access the API. To ensure that transactions made via API calls are secure and protected, API authentication is essential. It prevents unauthorized access, protects sensitive data, and maintains the integrity of operations.
This article introduces the Authorization API and the related authorization error codes.
Authorization API
Type of Authentication
Item API uses OAuth token-based authentication: the token is passed in the “Authorization” header when making API calls. This method generates an encrypted token, and that token is then used for authentication in each request.
API - Request Login Token
Data Structure
- API Path:
POST /user/login
- Body Request:
Body Parameter | Required | Description |
---|---|---|
username | Y | “edi001” |
password | Y | “your password” |
- Return:
Login Token
Example
For every API request, ensure you pass your unique authentication token in the request header. If the token is invalid or missing, the request will be denied and an appropriate error message will be returned.
Take a successful request as an example below:
API URL: https://wms.item.com/api/bam/v1/public/user/login
Request:
```bash
curl --location --request POST 'https://stagesaas.opera8.com/api/bam/v1/public/user/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "edi001",
"password": "your password"
}'
```
Return as the image below:
Authorization Errors
Error codes signal issues related to authentication (verifying identity) or authorization (permissions to access specific resources). The codes provide insight into why a request fails, helping to guide corrective actions. The table below lists common API authorization error codes along with their descriptions.
Error Code | Reason | Description |
---|---|---|
401 | Unauthorized | Authentication is required and has failed or not been provided. |
403 | Forbidden | The user authenticated successfully but is not authorized to access the resource. |
498 | Invalid Token | The access token provided is invalid or expired. |
499 | Token Required | No authentication token was provided in the request. |
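
The following client sketch is an added example, not code from Item: it logs in, sends the token in the `Authorization` header, and reacts to each error code in the table above, re-authenticating only on 498. Assumptions not stated on this page: the login response is JSON with the token under a `token` field, a successful login returns HTTP 200, and the header carries the raw token with no scheme prefix.

```python
import json
import urllib.error
import urllib.request

LOGIN_URL = "https://wms.item.com/api/bam/v1/public/user/login"  # API URL from this page
TOKEN_FIELD = "token"  # ASSUMPTION: the page does not show the login response body


class AuthError(Exception):
    """Failure that logging in again cannot fix."""


def urllib_send(method, url, headers, body=None):
    """Default transport: returns (status_code, decoded JSON body or {})."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


class Client:
    def __init__(self, username, password, send=urllib_send):
        self._creds = {"username": username, "password": password}
        self._send, self._token = send, None

    def login(self):
        status, body = self._send("POST", LOGIN_URL,
                                  {"Content-Type": "application/json"}, self._creds)
        if status != 200:  # ASSUMPTION: a successful login returns HTTP 200
            raise AuthError(f"login failed with HTTP {status}")
        self._token = body[TOKEN_FIELD]  # keep in memory only; never log it

    def request(self, method, url, body=None):
        if self._token is None:
            self.login()
        for attempt in (1, 2):
            headers = {"Authorization": self._token, "Content-Type": "application/json"}
            status, data = self._send(method, url, headers, body)
            if status == 498 and attempt == 1:
                self.login()  # invalid or expired token: log in once, retry once
                continue
            if status in (401, 403, 498, 499):
                # 401 failed auth, 403 no permission, 499 header missing, repeated 498
                raise AuthError(f"HTTP {status}")
            return status, data
```

Capping the retry at one fresh login keeps a misconfigured client from hammering the login endpoint, and treating 403 as final avoids masking a permissions problem as a token problem.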