Genetec ClearID™'s authentication process uses OAuth 2.0 with client ID and client secret, a method of authentication that depends on sending requests to the appropriate endpoints. Following the proper authentication process allows you to call any ClearID API with a bearer token.
This section assumes that the client ID and client secret have already been generated and retrieved.
The steps are described in the Authentication article.
How to authenticate with the Token Endpoint
To authenticate, a POST request must be sent to the Secure Token Service (STS) endpoint /connect/token.
The token endpoint expects the POST request to have three parameters in the HTTP body:
client_id: This information is contained in the JSON file downloaded from ClearID
client_secret: This information is contained in the JSON file downloaded from ClearID
grant_type: It should always be: client_credentials
The content type is always: application/x-www-form-urlencoded.
See Microsoft's documentation section on how to use a shared secret. ClearID does not need a scope.
Example:
Here is an example in Postman on how to request a token with the client secret.
If successful, the response returned by the token endpoint contains a bearer token that needs to be passed as authorization in every REST API request.
The token expiration is returned in seconds; in this example the token will be valid for the next 60 minutes. As a good practice, you should request a new token after 50% of the expiration time has passed.
The next step once authentication is complete is to call any API method with the bearer token in the HTTP Header.
See Using access tokens with API calls for more information.
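The following Python sketch is an added example, not code from Genetec or the ClearID documentation. It builds the token request described above and caches the bearer token until 50% of its lifetime has passed. The STS host is a placeholder, the helper names are hypothetical, and the response is assumed to use the standard OAuth 2.0 fields access_token and expires_in.

```python
import json
import time
import urllib.parse
import urllib.request

STS_BASE = "https://sts.example.invalid"  # placeholder: use your ClearID STS host


def build_token_request(client_id, client_secret, base=STS_BASE):
    """Build the POST to /connect/token; the secret travels only in the body."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",  # ClearID does not need a scope
    }).encode("ascii")
    return urllib.request.Request(
        base + "/connect/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_token(client_id, client_secret):
    """Send the request over TLS and return the parsed JSON response."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds the bearer token and renews it after 50% of expires_in."""

    def __init__(self, fetch, clock=time.monotonic):
        self._fetch, self._clock = fetch, clock
        self._token, self._renew_at = None, 0.0

    def bearer_header(self):
        now = self._clock()
        if self._token is None or now >= self._renew_at:
            resp = self._fetch()
            # Assumed standard OAuth 2.0 response fields (RFC 6749).
            self._token = resp["access_token"]
            self._renew_at = now + resp["expires_in"] / 2
        return {"Authorization": "Bearer " + self._token}
```

In use, pass `lambda: fetch_token(client_id, client_secret)` as the fetch callable, with both values read from the JSON file downloaded from ClearID rather than written into source code or logs.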