Managing OAuth Clients

Generating an OAuth Client

To generate a new set of OAuth client credentials, log in to the OmniFund portal and navigate to Profile >> API Access. Then click the "New OAuth Client" button. A new Client ID and Secret will be generated and displayed.

NOTE: While the Client ID can be viewed from the API Access section at any time, the Client Secret is viewable only when it is created and is non-recoverable. Please ensure that you securely store your Client Secret to protect against theft or loss. If you lose or forget the Client Secret, a new client will need to be created and your integration credentials updated.

To make managing and identifying multiple integration points easier, OAuth clients can be assigned a descriptive name. To update the name of a client, choose the edit action and fill in the desired value.

Obtaining an Access Token

To obtain an access token for a user, you will need to perform an HTTP POST to the token end-point. The request must include the following parameters:

  • "client_id" and "client_secret".  OAuth client credentials that were generated above.
  • "username" and "password".  These represent the credentials for the user requesting the access token.
  • "grant_type".  This should be set to "password".

Upon a successful request, you will receive a JSON formatted response with the following fields:

  • access_token
  • expires_in
  • refresh_token
  • scope
  • token_type

Refreshing an Access Token

A refresh token request is similar to the initial "password" access token request, except that the refresh_token field replaces the username and password credential fields. Upon a successful request, a new access token and a new refresh token will be generated. Request fields:

  • "client_id" and "client_secret".  OAuth client credentials that were generated above.
  • "refresh_token".  Refresh token value obtained in an earlier request.
  • "grant_type".  This should be set to "refresh_token".
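
The two requests described under "Obtaining an Access Token" and "Refreshing an Access Token", as an added Python example that is not OmniFund's own code. Assumptions: the token URL is a placeholder, parameters are sent form-encoded, expires_in is in seconds, and `post` is a hypothetical callable that sends the body and returns the decoded JSON response.

```python
import time
from urllib.parse import urlencode

# Assumption: placeholder URL; the page does not give the token end-point address.
TOKEN_URL = "https://omnifund.example.invalid/oauth/token"


def password_grant(client_id, client_secret, username, password):
    """Parameters for the initial access token request."""
    return {"grant_type": "password", "client_id": client_id,
            "client_secret": client_secret,
            "username": username, "password": password}


def refresh_grant(client_id, client_secret, refresh_token):
    """Same request with the user credentials replaced by the refresh token."""
    return {"grant_type": "refresh_token", "client_id": client_id,
            "client_secret": client_secret, "refresh_token": refresh_token}


class TokenStore:
    """Holds the current token pair and refreshes shortly before expiry."""

    def __init__(self, client_id, client_secret, post, clock=time.time, skew=30):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock, self.skew = post, clock, skew
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _store(self, resp):
        # Fail closed on a malformed response rather than keep a stale token.
        missing = {"access_token", "refresh_token", "expires_in"} - resp.keys()
        if missing:
            raise ValueError(f"token response missing {sorted(missing)}")
        self.access_token = resp["access_token"]
        self.refresh_token = resp["refresh_token"]  # a new one comes with every refresh
        self.expires_at = self.clock() + float(resp["expires_in"])  # assumed seconds

    def login(self, username, password):
        # The user's password is sent once and never kept on the object.
        params = password_grant(self.client_id, self.client_secret, username, password)
        self._store(self.post(TOKEN_URL, urlencode(params)))

    def token(self):
        if self.refresh_token is None:
            raise RuntimeError("call login() first")
        if self.clock() >= self.expires_at - self.skew:
            params = refresh_grant(self.client_id, self.client_secret, self.refresh_token)
            self._store(self.post(TOKEN_URL, urlencode(params)))
        return self.access_token
```

Load the client secret from a secrets manager or environment variable rather than source code, since it cannot be recovered from the portal after creation.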

Token Login

To allow the user to log in to the OmniFund application with an access token, include the token in the "Authorization" header of a POST request to the login end-point.