Tokens

How to request and use authentication tokens.

Requesting an access token

Make a POST request to /oauth/token, with the following parameters in the JSON body:

| Property | Value | Description |
| --- | --- | --- |
| grant_type | client_credentials | A constant value at present |
| audience | https://api.firstaml.com | A constant value at present |
| client_id | | Provided by First AML when registering your integration |
| client_secret | | Provided by First AML when registering your integration |

An example request would look like this:

POST /oauth/token

{
	"client_id":"6SEYDZ6zbpcyyBUiCM3t9AGgKNO8904T",
	"client_secret":"j3nLZjXbKLa6rN4dXsdN7LFEwkZvcDHyheOd63-07Iiejd0lusq9lzbQwjbKa8Mrt",
	"audience":"https://api.firstaml.com",
	"grant_type":"client_credentials"
}

The response will have the following format:

{
  "access_token": "eyJhbGciOiJS....OkFx38SFQ",
  "expires_in": 86400,
  "token_type": "Bearer"
}

The value of the access_token should be passed as an Authorization header with all subsequent requests to the API’s /graphql endpoint and documentation endpoints, in the format of:

Authorization: Bearer <access token>

e.g.

Authorization: Bearer eyJhbGciOiJS....OkFx38SFQ

Testing your access token

As a first request, we suggest confirming that your credentials are working correctly by retrieving the metadata associated with the client. This will also allow you to see which organizations you can retrieve data or submit cases for:

POST https://public-api-sandbox.firstaml.com/graphql/

query {
  me {
    apiClientId
    friendlyApiClientName
    scopes
    accessibleOrganizations {
      organizationId
      name
      offices {
        key
        name
      }
    }
  }
}

The expected response will look something like this:

{
  "data": {
    "me": {
      "apiClientId": "abcdEFGokp5lRMf8fnk6IMXPycidd5TxZe@clients",
      "friendlyApiClientName": "Public API - your org inc.",
      "scopes": [
        "case-management",
        "read-only"
      ],
      "accessibleOrganizations": [
        {
          "organizationId": "abc1234567894067a56d52412e600e7c",
          "name": "Your org inc.",
          "offices": [
            { "key": "abc12345-3476-4cf6-8491-bdd1272cf015", "name": "Sydney" },
            { "key": "abc456789-3476-4cf6-8491-bdd1272cf015", "name": "Auckland" }
          ]
        }
      ]
    }
  }
}

Expiration

When tokens have expired, any requests utilising the access token will return a response with a status code of 401 Unauthorized.  At this point you should make a request to the access token endpoint to get a fresh access token.
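
The flow described on this page (request a token, reuse it for expires_in seconds, renew it when the API answers 401) as an added example; it is not First AML's own code. The token endpoint's host is not given on this page, so token_url is a parameter; the {"query": ...} JSON envelope for /graphql, the 60-second renewal skew and all function and class names are assumptions.

```python
import json
import time
import urllib.error
import urllib.request

AUDIENCE = "https://api.firstaml.com"  # constant value from the parameter table


def http_post(url, body, headers):
    """POST a JSON body; return (status_code, parsed_json). Default transport."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


class TokenClient:
    """Caches the access token and renews it on expiry or on a 401 response."""

    def __init__(self, token_url, api_url, client_id, client_secret,
                 post=http_post, clock=time.monotonic, skew=60):
        self._token_url, self._api_url = token_url, api_url
        self._creds = {"grant_type": "client_credentials", "audience": AUDIENCE,
                       "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._access_token, self._expires_at = None, 0.0

    def _token(self, force=False):
        if force or self._access_token is None or self._clock() >= self._expires_at:
            status, body = self._post(self._token_url, self._creds, {})
            if status != 200 or body.get("token_type") != "Bearer":
                # Report the status only; never log the secret or the token.
                raise RuntimeError(f"token request failed (HTTP {status})")
            self._access_token = body["access_token"]
            # Renew `skew` seconds early so a token is not sent right at expiry.
            self._expires_at = self._clock() + body["expires_in"] - self._skew
        return self._access_token

    def graphql(self, query):
        """Send a query; on 401 fetch a fresh token and retry exactly once."""
        for attempt in (0, 1):
            auth = {"Authorization": f"Bearer {self._token(force=attempt == 1)}"}
            status, body = self._post(self._api_url, {"query": query}, auth)
            if status != 401:
                break
        return status, body
```

Pass client_id and client_secret in from the environment or a secrets manager rather than embedding them in source, and keep the token in memory only.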

