Securing the CMS is of utmost importance, and the API is secured behind an OAuth resource server which requires an access_token to be provided before access will be granted.
An access_token can be obtained from the CMS Authorization Server.
Once an access_token has been obtained, it should be provided with every request using an Authorization header. The access_tokens are Bearer Tokens and should therefore be provided as such:
Authorization: Bearer <<access token>>
Applications connecting to the CMS API must do so using a clientSecret which are available from the Applications page.
An application needs to be added to the CMS before an authorisation request can be processed. After adding an Application it can be granted access to two different types of credentials, called grant types.
The CMS supports two grant types:
The grant type requested must be supplied in the grant_type query parameter whenever requesting a token.
Applications added to the CMS should specify which grant types are allowed to use those client credentials. The client_credentials grant is typically used for machine-to-machine communication, whereas the access_code grant type is used to authorise a user.
The CMS authorization server is used to obtain an access_token and can be found at
The authorization server supports two methods:
/api/authorize/access_token: obtain a token
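The client_credentials flow described above, as an added example that is not part of the original page or the CMS project's code: it builds the token request, validates the response, and attaches the Bearer token to an API call. Assumptions: the RFC 6749 field names client_id, client_secret, token_type and access_token, credentials sent in a form-encoded POST body, and the constructed sample response; the host and API path used with it are hypothetical.

```python
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/authorize/access_token"  # token endpoint named on this page

# Constructed sample token response (RFC 6749 field names are an assumption).
SAMPLE_RESPONSE = b'{"token_type": "Bearer", "expires_in": 3600, "access_token": "constructed-token-123"}'


def require_https(base_url):
    # The clientSecret and the bearer token must never travel over plain HTTP.
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("CMS base URL must be an https:// URL")
    return base_url.rstrip("/")


def build_token_request(base_url, client_id, client_secret):
    # grant_type goes in the query string, as the page states. Assumption: the
    # credentials go in a form-encoded POST body, keeping the secret out of URLs.
    query = urllib.parse.urlencode({"grant_type": "client_credentials"})
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode("ascii")
    return urllib.request.Request(
        f"{require_https(base_url)}{TOKEN_PATH}?{query}", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw):
    # Accept only a non-empty Bearer token; anything else is treated as a failure.
    doc = json.loads(raw)
    if not isinstance(doc, dict) or str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = doc.get("access_token")
    if not isinstance(token, str) or not token or any(c in token for c in "\r\n "):
        raise ValueError("missing or malformed access_token")
    return token


def build_api_request(base_url, path, access_token):
    # Every API call carries the token in the Authorization header.
    return urllib.request.Request(
        require_https(base_url) + path,
        headers={"Authorization": f"Bearer {access_token}"})
```

Pass either request object to urllib.request.urlopen to send it, and feed the token response body to parse_token_response.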