Skip to main content
Version: v2.0

Authentication

The Truphone Connect API uses OAuth2 Client Credentials authentication type to authenticate request. You can get authentication tokens using the following url: https://services.truphone.com/auth/realms/tru-staff/protocol/openid-connect/token. Please be aware that these tokens have a limited duration so you need to include refresh logic in the client code, so that the token gets refreshed automatically without breaking the user experience.

Obtaining and using an access token#

Example using Postman#

  • Create a new request
  • In the Authorization tab, set type to OAuth 2.0
  • Fill in the Configure New Token form with the following values:
  • Click on the Get New Access Token button, which will trigger a popup saying 'Authentication complete'.
  • In the Manage Access Tokens popup, hit the Use Token
  • Proceed with your request. The generated token should be valid for 5 minutes

Example using cURL#

$ export ACCESS_TOKEN=`curl -s --data \    "grant_type=client_credentials&client_id=truphone&client_secret=xxxxxx-xxxx-43f3-9fba-85686d72c1c0" \    https://services.truphone.com/auth/realms/tru-staff/protocol/openid-connect/token \    | sed 's/.*access_token":"\([^"]*\).*/\1/'`    $ echo $ACCESS_TOKEN        # view the access token
$ curl -H "Authorization: Bearer $ACCESS_TOKEN" https://services.truphone.com/connect-api/...

Refreshing the access token with a refresh token#

To refresh the access token, you can use the refresh token. The refresh token is obtained on the first call to obtain the access token (described previously). After that you can use it as shown on the following example:

Example using cURL#

$ export ACCESS_TOKEN=`curl -s --data \    "grant_type=refresh_token&refresh_token=<your_refresh_token>k&client_id=truphone&client_secret=xxxxxx-xxxx-43f3-9fba-85686d72c1c0" \    https://services.truphone.com/auth/realms/tru-staff/protocol/openid-connect/token \    | sed 's/.*access_token":"\([^"]*\).*/\1/'`    $ echo $ACCESS_TOKEN        # view the access token

This call will give you an access token and a refresh token. The refresh token will be valid for 30 minutes.