Step 2: Obtain your access token
Avionté APIs follow an OAuth 2.0 process for authentication and authorization. To authenticate with the Avionté BOLD Front Office and be able to make valid requests, each request must be authenticated via access token. The token itself is a string of characters that is included in the Authorization header to authorize requests into the Avionté APIs.
To get a valid token, the first request you make is a POST request to the Partner Authorization API, supplying the following required information.
Request
POST https://api.avionte.com/authorize/token
Request Headers
The following table describes each parameter in the request header.
| Parameter | Required | Data type | Description |
|---|---|---|---|
Content Type | Yes | String | The media type of the body sent to the API. Enter: application/x-www-form-urlencoded. |
X-api-key | Yes | String | The API key which provides access to this API through the Avionté API Gateway. Provided to you by Avionté. |
Request Body
The following table describes each parameter in the request body.
| Parameter | Required | Data type | Description |
|---|---|---|---|
grant_type | Yes | String | The way an application gets an access token. Enter: client_credentials. |
client_id | Yes | String | Credentials for the partner/vendor authorization client. Provided to you by Avionté. |
client_secret | Yes | String | Credentials for the partner/vendor authorization client. Provided to you by Avionté. |
scope | Yes | String | The service (API) that the access token will provide access to for the authorized client. The access token will be valid only for the set of operations and resources described in the scope of the request. Provided to you by Avionté. For BOLD Front Office API and BOLD Front Office Partner Additions API enter: avionte.aero.compasintegrationservice. |
Example Request
import requests
url = "https://api.avionte.com/authorize/token"
payload = "grant_type=client_credentials&client_id=your-client_id&client_secret=your-client_secret&scope=your-scope"
headers = {
"accept": "application/json",
"content-type": "application/x-www-form-urlencoded",
"x-api-key": "your-api-key"
}
response = requests.post(url, data=payload, headers=headers)
print(response.text)
Example Response
{
"access_token": "encoded access_token",
"expires_in": 3600,
"token_type": "Bearer"
}
Response Definitions
The following table describes each item in the response.
| Response item | Type | Description |
|---|---|---|
access_token | String | The access token to be used to authorize the request. |
expires_in | Integer | The lifetime of the access token in seconds. Default value: 3600 seconds (1 hour). |
token_type | String | The type of the access token. Supported: bearer. |
Status Codes and Errors
| Status code | Description |
|---|---|
| 200 OK | HTTPS request was successful. |
| 400 Bad Request | The server cannot process the request due to something that is perceived to be a client error. |
Updated 8 months ago