Authenticate
To authenticate with our services, use one of the following authentication modes:
OAuth2 Authorization Code
This type of authentication is suited to cases when the third-party software is a web application.
- The user performs an action that requires the 3-P webapp to get a valid token for
Connectors APIs - The 3-P webapp redirects the user along with clientId and redirectUri parameters to the
Connectors APIs/auth/authorize. It then shows the eSignAnyWhere login page - After inserted the right credentials the
authorization codewill be given back to 3-P redirectUri - The 3-P webapp uses the
authorization codeto request anaccess-tokenby calling theConnectors APIs/auth/token. This endpoint is protected with a basic authentication where username and password are the parameters clientId and clientSecret specified in credentials.
Credentials
If you don't have Connectors APIs credentials visit the Getting Started section
Request an authorization code
When the user perform an action on the third party web app that requires a valid auth session with the Connectors APIs it should make a:
GET /auth/authorize
Parameters
| Name | Description |
|---|---|
| clientId | It's the application identifier part of the credentials received from us during configuration phase |
| redirectUri | It's the third party application callback endpoint that knows how to treat the parameters code and state |
Use the authorization code to get an access token
The callback endpoint specified as redirectUri in the previous step should handle the request when the redirection flow terminate by sending back code and state parameter to it. It should then give the authorization code to obtain a access-token by making the following request:
POST /auth/token
Parameters
| Name | Description |
|---|---|
| grantType | authorization_code fixed value |
| redirectUri | Redirect Uri. It has to be equal to the one specified at the beginning of the authentication flow |
| code | Authorization code returned from authorize |
Authorization
A basic authentication is required by combining and encoding clientId and clientSecret