Requesting an access token
Make a POST request to /oauth/token, with the following parameters in the JSON body:
Property | Value | Description |
---|---|---|
grant_type | client_credentials | A constant value at present |
audience | https://api.firstaml.com | A constant value at present |
client_id | Provided by First AML when registering your integration | |
client_secret | Provided by First AML when registering your integration | |
An example request would look like this:
POST /oauth/token
{
"client_id":"6SEYDZ6zbpcyyBUiCM3t9AGgKNO8904T",
"client_secret":"j3nLZjXbKLa6rN4dXsdN7LFEwkZvcDHyheOd63-07Iiejd0lusq9lzbQwjbKa8Mrt",
"audience":"https://api.firstaml.com",
"grant_type":"client_credentials"
}
The response will have the following format:
{
"access_token": "eyJhbGciOiJS....OkFx38SFQ",
"expires_in": 86400,
"token_type": "Bearer"
}
The value of the access_token should be passed as an Authorization header with all subsequent requests to the API’s /graphql endpoint and documentation endpoints, in the format of:
Authorization: Bearer <access token>
e.g.
Authorization: Bearer eyJhbGciOiJS....OkFx38SFQ
Testing your access token
As a first request, we suggest confirming that your credentials are working correctly by retrieving the metadata associated with the client. This will also allow you to see which organizations you can retrieve data or submit cases for:
POST https://public-api-sandbox.firstaml.com/graphql/
query {
  me {
    apiClientId
    friendlyApiClientName
    scopes
    accessibleOrganizations {
      organizationId
      name
      offices {
        key
        name
      }
    }
  }
}
The expected response will look something like this:
{
"data": {
"me": {
"apiClientId": "abcdEFGokp5lRMf8fnk6IMXPycidd5TxZe@clients",
"friendlyApiClientName": "Public API - your org inc.",
"scopes": [
"case-management",
"read-only"
],
"accessibleOrganizations": [
{
"organizationId": "abc1234567894067a56d52412e600e7c",
"name": "Your org inc.",
"offices": [
{ "key": "abc12345-3476-4cf6-8491-bdd1272cf015", "name": "Sydney" },
{ "key": "abc456789-3476-4cf6-8491-bdd1272cf015", "name": "Auckland" }
]
}
]
}
}
}
Expiration
When tokens have expired, any requests utilising the access token will return a response with a status code of 401 Unauthorized. At this point you should make a request to the access token endpoint to get a fresh access token.
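One way to handle the expiry behaviour described above, as an added example rather than First AML's own code: the client caches the token for its expires_in lifetime, renews it slightly early, and on a 401 Unauthorized discards it and retries once. TokenClient, http_post and the skew margin are hypothetical names; the page does not give the host of /oauth/token, so the caller passes the full token URL, and the {"query": ...} request body is the usual GraphQL-over-HTTP convention, assumed here.

```python
import json
import time
import urllib.error
import urllib.request


def http_post(url, headers, payload):
    """POST a JSON body; return (status, parsed JSON). Error bodies are dropped."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, {}


class TokenClient:
    """Caches the bearer token; renews it before expiry or after a 401."""

    def __init__(self, token_url, client_id, client_secret,
                 post=http_post, clock=time.monotonic, skew=60):
        self._token_url, self._post, self._clock, self._skew = token_url, post, clock, skew
        self._creds = {"client_id": client_id, "client_secret": client_secret,
                       "audience": "https://api.firstaml.com",
                       "grant_type": "client_credentials"}
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            status, body = self._post(self._token_url, {}, self._creds)
            if status != 200:
                # Report the status only: the request carries client_secret.
                raise RuntimeError(f"token request failed: HTTP {status}")
            self._token = body["access_token"]
            # Treat the token as expired `skew` seconds early.
            self._expires_at = self._clock() + body["expires_in"] - self._skew
        return self._token

    def graphql(self, url, query):
        """Send a query; on 401 drop the cached token and retry exactly once."""
        for _ in range(2):
            auth = {"Authorization": f"Bearer {self.token()}"}
            status, body = self._post(url, auth, {"query": query})
            if status != 401:
                break
            self._token = None
        return status, body
```

Load client_id and client_secret from the environment or a secrets manager when constructing TokenClient, and keep the access token out of logs, since it is a bearer credential for its whole lifetime.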