Authentication
To authenticate with the THG Ingenuity APIs you require a bearer token, these are requested from an issuer. Managing your issuer, clients, and users can be done through the THG Ingenuity authentication console.
The token should be appended to every request in a header in the format below:
"Authorization":"Bearer {Token}"Refresh Tokens
All THG Ingenuity APIs will have the refresh token flow enabled, this flow allows you to refresh an expired bearer token (in a given time window) rather than requesting a new bearer token each time it expires. To learn more about refresh tokens and/or how to use them, Auth0 provide a great tutorial.Unauthorised Access
Attempts to access a resource with an invalid bearer token or a bearer token with invalid access permissions will result in a 401 response.Example unauthorised response:
{
"errors": [
{
"id": "4b62cc29-b81d-4e97-93be-ced3cc5b5a72",
"status": "401",
"code": "UnauthorizedException",
"title": "Unauthorized Access to Resource",
"detail": "Access Denied.",
"source": {
"header": "Authorization"
}
}
]
}