Authentication

Authentication is handled by receiving a token from the Yellow Dog Auth API. All requests require an Authorization header with a Bearer token included. The only source for this Token is through the Yellow Dog Auth API.

As an integrator you should have received an API Client ID as well as a username and password for a Yellow Dog Inventory Database Instance.

Authentication for the fetch api require an access token from the yellow dog authentication api found at auth.yellowdogsoftware.com. The two most commonly used endpoints and their usage are as followed.

Access Token

POST /token

Access tokens provide the ability to interact with Yellow Dog’s Web APIs. To get a valid access token you’ll need to provide a userName, password, and clientId.

• Valid for 1 hour

Request Body

{
  "userName": "string",
  "password": "string",
  "clientId": "string"
}

Response

{
  "success": true,
  "result": {
    "accessToken": "{some access token}",
    "refreshToken": "{some refresh token}",
    "tokenType": "{bearer}",
    "clientId": "{your client id}",
    "expiresIn": 3600,
    "expires": "{2018-07-23T16:04:31Z}",
    "isUser": true
  },
  "errors": null
}

Refresh Token

POST /refreshToken

Refresh tokens are used to get a new access token without having to resubmit user credentials.

• Valid for 30 days. After 30 days, you’ll have to resubmit user credentials.
• Can only be used once.
  
  

Request Body

{
  "refreshToken": "{some refresh token}", // "2ecet06a-bd6a-4f94-a24a-452zt5f2c999"
  "clientId": "{your client id}" // "123456"
}

Response

{
  "success": true,
  "result": {
    "accessToken": "{some access token}",
    "refreshToken": "{some refresh token}",
    "tokenType": "{bearer}",
    "clientId": "{your client id}",
    "expiresIn": 3600,
    "expires": "{2018-07-23T16:06:35Z}",
    "isUser": true
  },
  "errors": null
}