Overview
You need to make some API requests and you are looking for instructions on how to obtain an access token for the API.
Solution
In order to obtain an access token (IdToken), you first need to have access to the credentials of one of the multiple administrative accounts for your provider before following the steps below.
Important: The type of account used to obtain an access token would depend on the API requests you plan to use. For instance, if you plan to work with accounts/devices, then you would need to use the credentials of an Account Admin to request the access token. See Using the CCAB GraphQL API for further details.
<supportagent>The clientId in step 1 uses the AppSync clientId which is currently the same for all tenants/clients at this time.</supportagent>
- Create a file called
aws-auth-data.json
with the content below. Make sure to update the username and password values with the information from your provider.
Alternatively, one can also send this as a JSON body without using a file.
{
"AuthParameters" : {
"USERNAME" : "admin@admin.com",
"PASSWORD" : "adminpassword"
},
"AuthFlow" : "USER_PASSWORD_AUTH",
"ClientId" : "58jcnn51q51crrlmvrque7q0du"
}
- Execute the following command from the terminal in order to send the request to the Cognito service.
Note: If you are using a different tool, make sure to include the required headers (X-Amz-Target, Content-Type) and its values or the request will fail.
curl -X POST --data @aws-auth-data.json -H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' -H 'Content-Type: application/x-amz-json-1.1' https://cognito-idp.us-east-1.amazonaws.com/us-east-1_us-east-1_foZ45Yf8D/
- If the request was valid, you will receive a response with the details below. The Token to be used for API requests is the AccessToken which lasts 60 minutes.
{
"AuthenticationResult":{
"AccessToken":"eyJraWQiOiJwRUlUOENEcHMzSmFIRFwvQXRYUm5CZGNyak….",
"ExpiresIn":3600,
"IdToken":"eyJraWQiOiJrdW50TGNDTDI5MXJPR1oxT1JHS3p3bThBaU01RlNUU….",
"RefreshToken":"eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVA...",
"TokenType":"Bearer"
},
"ChallengeParameters":{
}
}
With this token, you will now be able to perform requests to the CCAB APIs. For further information in the API calls review our API Documentation.