Step 2: Obtain your access token

Avionté APIs follow an OAuth 2.0 process for authentication and authorization. To authenticate with the Avionté BOLD Front Office and be able to make valid requests, each request must be authenticated via access token. The token itself is a string of characters that is included in the Authorization header to authorize requests into the Avionté APIs.

To get a valid token, the first request you make is a POST request to the Partner Authorization API, supplying the following required information.

Request

POST https://api.avionte.com/authorize/token

Request Headers

The following table describes each parameter in the request header.

ParameterRequiredData typeDescription
Content TypeYesStringThe media type of the body sent to the API.
Enter: application/x-www-form-urlencoded.
X-api-keyYesStringThe API key which provides access to this API through the Avionté API Gateway. Provided to you by Avionté.

Request Body

The following table describes each parameter in the request body.

ParameterRequiredData typeDescription
grant_typeYesStringThe way an application gets an access token. Enter: client_credentials.
client_idYesStringCredentials for the partner/vendor authorization client. Provided to you by Avionté.
client_secretYesStringCredentials for the partner/vendor authorization client. Provided to you by Avionté.
scopeYesStringThe service (API) that the access token will provide access to for the authorized client. The access token will be valid only for the set of operations and resources described in the scope of the request. Provided to you by Avionté.

For BOLD Front Office API and BOLD Front Office Partner Additions API enter: avionte.aero.compasintegrationservice.

Example Request

import requests

url = "https://api.avionte.com/authorize/token"

payload = "grant_type=client_credentials&client_id=your-client_id&client_secret=your-client_secret&scope=your-scope"
headers = {
    "accept": "application/json",
    "content-type": "application/x-www-form-urlencoded",
    "x-api-key": "your-api-key"
}

response = requests.post(url, data=payload, headers=headers)

print(response.text)

Example Response

{
  "access_token": "encoded access_token",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Response Definitions

The following table describes each item in the response.

Response itemTypeDescription
access_tokenStringThe access token to be used to authorize the request.
expires_inIntegerThe lifetime of the access token in seconds. Default value: 3600 seconds (1 hour).
token_typeStringThe type of the access token. Supported: bearer.

Status Codes and Errors

Status codeDescription
200 OKHTTPS request was successful.
400 Bad RequestThe server cannot process the request due to something that is perceived to be a client error.