Getting an Access Token
OAuth (Open Authorization) is an open standard authorization protocol or framework used by the ID Server to pass the client information for generating your access token.
For generating tokens for M2M Web API, M2M supports the following Grant Types:
- CLIENTCREDENTIALS: Select this option to use the permissions for the API client name in use. Hence, no login is required.
Setting up Grant Type as Client Credentials
To set up the grant type as CLIENTCREDENTIALS and generate an access token, perform the following steps:
- In Made2Manage > APICONFIG page > Client Configuration window > Grant Type field, select CLIENTCREDENTIALS from the drop-down list for the required client.
- Switch to the Postman tool.
- To get an access token, an HTTP request must be sent to the token endpoint of the identity server application. Select the POST request type and specify the endpoint:

  Endpoint: https://<<m2murl>>/idsrvapi/connect/token

- Specify the following information to be passed with the request:

  Headers:

  | Key | Value | Description |
  |---|---|---|
  | CompanyID | 01 | Company ID as specified in the APICONFIG page > Company ID field. |
  | Content-Type | application/x-www-form-urlencoded | The media type of the body of the request (used with POST and PUT requests). |

  Body:

  The following parameters must be passed in the request body:

  grant_type=client_credentials&client_id=AZ03&client_secret=Pass@1234&scope=M2MAPI&tenant=<<tenantName>>

  | Parameter | Description |
  |---|---|
  | grant_type | Value must be set to client_credentials |
  | client_id | Client Name as specified in the APICONFIG page > Client Configuration window > Client Name field |
  | client_secret | Client password as specified in the APICONFIG page > Client Configuration window > Client Password field |
  | scope | Value must be set to M2MAPI |
  | tenant | <<tenant Name>>: Name of the tenant |

  Note: Client ID is read from the Body.

- Click Send.
On successful authentication, the access token gets generated and is displayed in the response body.
The response body for access token authentication contains the following parameters:
| Parameter | Description |
|---|---|
| access_token | Access token required to access the data from the server using API requests. |
| expires_in | Validity of the access token in seconds. |
| token_type | Token type is Bearer. A bearer token is a security token used to access data resources without using a cryptographic key. |
Note: If you have multiple API Clients created, a token must be generated for each Client that you use for the configuration of objects in the APICONFIG page.
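The token request from the steps above as a script, added here as an example and not part of the original page or the product's own code: it builds the same POST with the form fields URL-encoded, reads the client secret from the environment instead of the source, and turns the response into a standard `Authorization: Bearer` value plus an expiry time. The function names and the `M2M_*` environment variable names are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request


def build_token_request(base_url, company_id, client_id, client_secret, tenant):
    """Build (without sending) the POST to the identity server token endpoint."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,  # the page notes the client ID is read from the body
        "client_secret": client_secret,
        "scope": "M2MAPI",
        "tenant": tenant,
    }
    # urlencode percent-escapes '@', '&', '=' and '+', so a secret containing
    # them cannot be truncated or split into extra form fields.
    body = urllib.parse.urlencode(form).encode("ascii")
    headers = {"CompanyID": company_id,
               "Content-Type": "application/x-www-form-urlencoded"}
    # urllib normalises header-name case; HTTP header names are case-insensitive.
    return urllib.request.Request(
        base_url.rstrip("/") + "/idsrvapi/connect/token",
        data=body, method="POST", headers=headers)


def parse_token_response(raw, now=None):
    """Return (Authorization header value, absolute expiry time in seconds)."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response does not contain a bearer access token")
    issued = time.time() if now is None else now
    return "Bearer " + doc["access_token"], issued + int(doc["expires_in"])


if __name__ == "__main__":
    # Assumed environment variable names; keeps the secret out of source control.
    env = os.environ
    req = build_token_request(env["M2M_URL"], env["M2M_COMPANY_ID"],
                              env["M2M_CLIENT_ID"], env["M2M_CLIENT_SECRET"],
                              env["M2M_TENANT"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        header, expires_at = parse_token_response(resp.read())
    # Report only the expiry; the token itself is never printed or logged.
    print("token acquired; valid until", time.ctime(expires_at))
```

Request a new token shortly before the returned expiry time rather than waiting for an API call to be rejected.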
Restricted Characters
The following characters are restricted from the APIs:
"';",";--","/*","*/","select ","delete ","drop ","insert ","order by ","sort by ","update ","exec","execute","fetch ","cursor", "begin","declare","end","kill","sysobjects","syscolumns","sys","alter","@@","truncate","raiserror","reconfigure","shutdown", "create","sp_oacreate","sp_oamethod","host_name","is_member","is_srvrolemember","opendatasource","openrowset","syscolumns", "sysobjects","information_schema","object_id","connectionproperty","decompress","xact_state","rowcount_big","get_filestream", "xp_cmdshell","sysmessages","sysservers","sysxlogins","sql_logins","sys.","xp_regread","xp_regaddmultistring","xp_regdeletekey", "xp_regdeletevalue","xp_regenumkeys","xp_regenumvalues","xp_regread","xp_regaddmultistring","xp_regwrite","xp_servicecontrol", "xp_availablemedia","xp_enumdsn","xp_loginconfig","xp_makecab","xp_ntsec_enumdomains","xp_terminate_process","sp_addextendedproc", "sp_makewebtask","sp_configure ","information_schema","waitfor delay","if exists ","if exists(","not exist(","not exist (","not exist (","not in (","not in("," union "