Authentication of requests

Requests are verified via two methods:

1. The first method is by using a key that is sent in the “Authorization” HTTP Header. This value is generated by Alignet, and should be kept secret at all times.

2. The other way to authenticate is by OAuth. In this case, Alignet will provide a “client_id” and a“client_secret” which should be used in the payload of the request to the token generation.

To obtain the token you should call the endpoint https://auth.wip.alignet.io/token as in the following example:

import requests import json

url = "https://auth.wip.alignet.io/token"

payload = json.dumps({ "action": "authorize",
"grant_type": "client_credentials", "audience": "https://api.dev.alignet.io",
"client_id":  "z8WwAV7rd2jCU0SivwtQVv941kqZcEou",
"client_secret": "Rlz8td8ppm1Z1tpxsozWze7wR4p2rEFsfL32qAlznzuABiOqzPMx0bWl0nHjZBzr", "scope": "create:token post:charges"
})
headers = {
'ALG-API-VERSION': '1618440906',
'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload) 
print(response.text)

CODE

This will in turn give a response like so:


{
"action": "authorize", "success": true, "access_token":
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlVfR2ZLYkNmUUhSRjJpYjA4cVdsdCJ9.ey Jpc3MiOiJodHRwczovL2Rldi1ocTBjZHBrai51cy5hdXRoMC5jb20vIiwic3ViIjoiYkNYblM4dGpVa mJpN0pZNFVBbWxwNUFqSDg4RUNOVk5AY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vOGVmdGd waDlrYS5leGVjdXRlLWFwaS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbSIsImlhdCI6MTY1MDQy NjgyOCwiZXhwIjoxNUwNTEzMjI4LCJhenAiOiJiQ1huUzh0alVqYmk3Slk0VUFtbHA1QWpIODh FQ05WTiIsInNjb3BlIjoiY3JlYXRlOnRva2VuIGFwaS10ZXN0OmNyZWF0ZTp0b2tlbiIsImd0eSI6I mNsaWVudC1jcmVkZW50aWFscyJ9.oZfuf7Kemi6PWHovWeiVWPnhAfLTZ5QiIJboJxyKlkmv 1nq- 4qjTH3xLH0EFEa3dRqcvWHFmgciR1VG7y6EAbBrpOTnBpPUNDqiba7aZUSgOMCAEqHs_QCf2 iyKXKxys7oWLNLhmo84pP5zPMiZD3sCdHfy_LzsolfMFiEmwAo3HHZftThRq- 6QMO8jGDR38Sl5jbKP- 1JnP5W4hu0Uo6NrnK4dzLIf7uxzRHlnETwbvgLcBZOFfVuOzOn- 16voDo80842y4DlKG5wAi3L6RBRsxfTs_4_bzEhn3AA2ARGbFSkDcfk64ct2C9ox98s9mxTUe10 SJFeD 50txlXoPDPA",
"scope": "create:token api- test:create:token", "expires_in": 86400, "token_type":
"Bearer", "authorization": {
"meta": {
"status": {
"code":
"00",
"message_ilgn": [
{
"locale": "es_PE",
"value": "Access Token creado"
        }
       }
      }
     }
    }

CODE

From this response, the user should extract the value of the “access_token” and use it in all subsequent requests in the Authorization HTTP Header.

The user should refresh the token in the amount of time given by the “expires_in” element.

Continuar API Charges ➡️