Authentication
OAuth2
OnSched uses OAuth 2.0 for authentication and authorization. Use your client credentials to call OnSched's Identity server in order to to receive a session token, with which you are able to include as a bearer token for all requests to the Consumer or Setup API Interfaces.
Expiration
Session tokens expire after 60 minutes, for security reasons this cannot be changed. A refresh token can be used in order to allow clients to continue to have a valid access token without further interaction with the user.
Headers
When requesting a token, check the following headers to be sure that they are configured as follows:
- content-type: application/x-www-form-urlencoded
- grant_type: client_credentials
- scope: OnSchedApi
Request URL
The request URL will change based on your environment (eg. Sandbox or Production). If you are unsure of the current status of your environment please refer to the client credentials, if you are using a pair of Sandbox credentials they will begin with the word sbox and if you are using a pair of Production credentials the ClientID will begin with the word live, for example:
Sandbox: sbox1234567890
Production: live1234567890
Get a Token
curl --location --request POST 'https://sandbox-identity.onsched.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<<clientId>>' \
--data-urlencode 'client_secret=your_client_secret' \
--data-urlencode 'scope=OnSchedApi' \
--data-urlencode 'grant_type=client_credentials'
const params = {
client_id: '<<clientId>>',
client_secret: 'your_client_secret',
scope: 'OnSchedApi',
grant_type: 'client_credentials',
}
const tokenURL = 'https://sandbox-identity.onsched.com/connect/token'
// querystring.stringify(params) will encode the param data
// in application/x-www-form-urlencoded format, which is required
// by the Identity Server
axios.post( tokenURL, querystring.stringify( params ) )
.then( resp => {
// return the tokenset
resolve( resp.data )
} )
.catch( error => reject( error ) )
var request = require('request');
var options = {
'method': 'POST',
'url': 'https://sandbox-identity.onsched.com/connect/token',
'headers': {'Content-Type': 'application/x-www-form-urlencoded' },
form: {
'client_id': '<<clientId>>',
'client_secret': 'your_client_secret',
'scope': 'OnSchedApi',
'grant_type': 'client_credentials'
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
var settings = {
"async": true,
"crossDomain": true,
"url": "https://sandbox-identity.onsched.com/connect/token",
"method": "POST",
"headers": {
"Content-Type": "application/x-www-form-urlencoded",
"Accept": "*/*",
"Cache-Control": "no-cache",
"Host": "sandbox-identity.onsched.com",
"Accept-Encoding": "gzip, deflate",
"Content-Length": "110",
"Connection": "keep-alive",
"cache-control": "no-cache"
},
"data": {
"grant_type": "client_credentials",
"scope": "OnSchedApi",
"client_id": "<<clientId>>",
"client_secret": "your_client_secret"
}
}
$.ajax(settings).done(function (response) {
console.log(response);
});
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://sandbox-identity.onsched.com/connect/token"
method := "POST"
payload := strings.NewReader("client_id=<<clientId>>&client_secret=your_client_secret&scope=OnSchedApi&grant_type=client_credentials")
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
require "uri"
require "net/http"
url = URI("https://sandbox-identity.onsched.com/connect/token")
https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials"
response = https.request(request)
puts response.read_body
import http.client
conn = http.client.HTTPSConnection("sandbox-identity.onsched.com")
payload = 'client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
conn.request("POST", "/connect/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
var data = "client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials";
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://sandbox-identity.onsched.com/connect/token");
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.send(data);
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials");
Request request = new Request.Builder()
.url("https://sandbox-identity.onsched.com/connect/token")
.method("POST", body)
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.build();
Response response = client.newCall(request).execute();
POST /connect/token HTTP/1.1
Host: sandbox-identity.onsched.com
Content-Type: application/x-www-form-urlencoded
Accept: */*
Cache-Control: no-cache
Accept-Encoding: gzip, deflate
Content-Length: 110
Connection: keep-alive
cache-control: no-cache
grant_type=client_credentials&
scope=OnSchedApi&
client_id=DemoUser&
client_secret=DemoUser
Updated over 2 years ago
What’s Next