API Authentication

We currently only support the OAuth2 Client Credentials Grant flow.

Both a client id and a client secret are required for API authentication. Please contact Roller to request them.

Requesting access token

The token request needs the Content-Type header set to application/json, and its body is a JSON payload containing the client_id and client_secret.

To get an access token for the client credentials flow, you have to do a POST to the <<API URL>>/token endpoint:

URL: <<API URL>>/token
HTTP Method: POST

Headers
Content-Type: application/json

Body
{"client_id":"YOUR_CLIENT_ID_HERE","client_secret":"YOUR_SECRET_HERE"}

This should return a bearer token, as in the example below:

{
    "access_token": "cd5c24313225bb9ea046a2ef0f0dbb9f",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Access token lifetime

You need to reuse the access token until you receive a 401 (Unauthorized), indicating it's time for a new access token.

If you receive a 429 (Too Many Requests) from the token endpoint, you need to review your implementation (you might be accidentally requesting a new token for each request).

Making a request with the token

Example request using the bearer token:

GET <<API URL>>/product-availability?date=...
Accept: application/json
Authorization: Bearer cd5c24313225bb9ea046a2ef0f0dbb9f
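The token lifetime rule and the bearer request above, as an added example (not Roller's own code): a client that requests one token, reuses it for every call, and fetches a new one only after a 401. The names ApiClient, http_send and the send parameter are hypothetical, and the base URL is whatever value replaces <<API URL>>.

```python
import json
import urllib.error
import urllib.request


def http_send(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None


class ApiClient:
    def __init__(self, base_url, client_id, client_secret, send=http_send):
        self.base_url = base_url.rstrip("/")
        # Load the credentials from a secret store or environment, not source.
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._send = send
        self._token = None  # cached in memory only; never logged

    def _fetch_token(self):
        status, payload = self._send(
            "POST", self.base_url + "/token",
            {"Content-Type": "application/json"}, self._creds)
        if status == 429:
            raise RuntimeError("429 from /token: token is requested too often")
        if status != 200 or not payload or payload.get("token_type") != "Bearer":
            raise RuntimeError(f"token request failed with status {status}")
        self._token = payload["access_token"]

    def get(self, path):
        """GET with the cached token; on 401 refresh once and retry."""
        for _attempt in range(2):
            if self._token is None:
                self._fetch_token()
            headers = {"Accept": "application/json",
                       "Authorization": "Bearer " + self._token}
            status, payload = self._send("GET", self.base_url + path, headers)
            if status != 401:
                return status, payload
            self._token = None  # token rejected: drop it, fetch a new one
        return status, payload
```

Share one ApiClient instance across the process so that all requests reuse the same cached token.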