Authentication

Tell us who you are

Was this helpful?

Exchange credentials for token. (Example only)

post

You will be provided with a client_id and a client_secret which you'll use to authenticate yourself in the system. The first thing you need to do is to get access token which you will then use for further requests. When it expires, you will need to request another one. Multiple tokens can be active at once.

Supported types:

client_credentials Once you have a valid access token, you will need to use it to sign all requests made to the Prio API.

This is done by providing Authorization HTTP header along with each of your requests in the following format:

Authorization: <token_type> <access_token>

If this header is not present in the request, the service will reject the request by returning the HTTP error code 400 and respond with an appropriate error message.

Please do not manually perform this operation, we highly encourage you to use an existing OAuth library for your specific language.

Make sure to call this endpoint only in case your current token has expired to reduce roundtrips and overal latency.

Authorizations

Header parameters

AuthorizationstringOptional

The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password.

Body

grant_typestringRequired

Value MUST be set to "client_credentials".

Example: client_credentials

scopestringOptional

The scope of the access request.

Example: https://www.prioticketapis.com/auth/distributor.booking

Responses

200

Successfully Authenticated

application/json

400

Invalid Request The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.

application/json

401

Authentication Failed Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the `Authorization` request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the `WWW-Authenticate` response header field matching the authentication scheme used by the client.

application/json

405

Method Not Allowed The HyperText Transfer Protocol (HTTP) 405 Method Not Allowed response status code indicates that the request method is known by the server but is not supported by the target resource. A request method is not supported for the requested resource; for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.

application/json

406

Not Acceptable The HyperText Transfer Protocol (HTTP) 406 Not Acceptable client error response code indicates that the server cannot produce a response matching the list of acceptable values defined in the request's proactive content negotiation headers, and that the server is unwilling to supply a default representation.

application/json

422

Unprocessable Entity The HyperText Transfer Protocol (HTTP) 422 Unprocessable Entity response status code indicates that the server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.

application/json

429

Too Many Requests The HTTP 429 Too Many Requests response status code indicates the user has sent too many requests in a given amount of time ("rate limiting").

application/json

500

Internal Server Error The HyperText Transfer Protocol (HTTP) 500 Internal Server Error response code indicates that the server encountered an unexpected condition that prevented it from fulfilling the request.

application/json

501

Not Implemented The HyperText Transfer Protocol (HTTP) 501 Not Implemented server error response code means that the server does not support the functionality required to fulfill the request. The server either does not recognize the request method, or it lacks the ability to fulfil the request. Usually this implies future availability (e.g., a new feature of a web-service API).

application/json

502

Bad Gateway The HyperText Transfer Protocol (HTTP) 502 Bad Gateway server error response code indicates that the server, while acting as a gateway or proxy, received an invalid response from the upstream server. The HTTP 502 Bad Gateway error is exclusively returned in case of problems during communication with the supplier or third-party system.

application/json

503

Service Unavailable The HyperText Transfer Protocol (HTTP) 503 Service Unavailable server error response code indicates that the server is not ready to handle the request. The HTTP 503 Service Unavailable error is exclusively returned in case of problems during internal communication.

application/json

504

Gateway Timeout The HyperText Transfer Protocol (HTTP) 504 Gateway Timeout server error response code indicates that the server, while acting as a gateway or proxy, did not get a response in time from the upstream server that it needed in order to complete the request. The HTTP 504 Gateway Timeout error is exclusively returned in case of problems during communication with the supplier or third-party system.

application/json

post

POST /v3.8/distributor/oauth2/token HTTP/1.1
Host: staging-distributor-api.prioticket.com
Authorization: Basic username:password
Content-Type: application/json
Accept: */*
Content-Length: 101

{
  "grant_type": "client_credentials",
  "scope": "https://www.prioticketapis.com/auth/distributor.booking"
}

{
  "access_token": "eyJhbGciOiJIUzI1NiJ9.e30.XmNK3GpH3Ys_7wsYBfq4C3M6goz71I7dTgUkuIa5lyQ",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "https://www.prioticketapis.com/auth/distributor.booking"
}