Make a POST request to the /sessions with your credentials
const sessionsEndPoint= "https://config.bluedot.io/prod1/sessions/";
const credentials = {
"email": "user@email.com",
"password": "password123"
};
fetch(sessionsEndPoint, credentials).then(reponse => {
/*
The response will return an object with the following structure:
{
"status": "success",
"idToken": "string",
"accessToken": "string",
"refreshToken": "string"
}
*/
// Attach the returned "accessToken" in the header of any subsequent call to the API
const { accessToken } = response
})
2. Attach the returned accessToken as Authorization: Bearer <token> in the HTTP header of any subsequent call to the API
Expiry time of the Tokens
- accessToken: An Access Token is a credential that can be used by an application to access the Configuration API. It is active for 1 hour.
- refreshToken: The Refresh Token is a special token that can be used to obtain a renewed accessToken. It is active for 60 days.
Best Practises on using the Session API
- Have a fail/retry strategy for using the access token – if it expires, catch the failure, reauthenticate to get a new access token and try again.
- The refresh token can be used, but for an m2m integration, it’s less important (the email/password can be used instead). The refresh token is typically used by less secure clients such as browsers.