Authentication

Favrit uses standard OAuth 2. 

If your implementation doesn't support Oauth 2, you may generate an access token by making a direct request, as described below.

To get an access token, you'll need to generate a base64-encoded string from your ClientId and SecretId using a colon (:) separator (i.e <ClientId>:<SecretId>) and send an authentication request like below.

Request Sample:

curl --location --request POST 'https://accounting-api-auth.favrit.com/oauth2/token' \
  --header 'Authorization: Basic ***************' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=prod/user prod/accounting prod/transaction'

Here *************** is the base64 valuer of your <ClientId>:<SecretId>

Response Sample:

{
    "access_token": "eyJraWQiOiI3ZFU5Y2ljU0RMemlEQTdQNEVLVUpheEZ5TWgrMU1YNWJNazJOQWZLUVdRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIxYjhzYzA3czl1c2twamNibjk2ZTF0ZTVmNCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoicHJvZFwvYWNjb3VudGluZyIsImF1dGhfdGltZSI6MTYzNDA5Nzk2MywiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLmV1LW5vcnRoLTEuYW1hem9uYXdzLmNvbVwvZXUtbm9ydGgtMV9TdHdiQzBTZ0ciLCJleHAiOjE2MzQxMDE1NjMsImlhdCI6MTYzNDA5Nzk2MywidmVyc2lvbiI6MiwianRpIjoiNjJjNjk1M2YtMzBjMC00MjM3LWJkYWUtNDg0YTBlZDhmZmFmIiwiY2xpZW50X2lkIjoiMWI4c2MwN3M5dXNrcGpjYm45NmUxdGU1ZjQifQ.FM_uiOpLRm3tn42kefpkgDyicZGrruKXGf9Z4xYCudR8i6KGHEYw8ne6LPYtVQwYvBNuoCk54Dy90QLVXlXYob9EBH-hKlrymY0lnGxlKcSr9urswwqsTYHW5t3WyoX55cNw6cO5Dzxkdvk_vkXvXFVe7G4uM21OTDp_i6uuDdrBJjJea0lCW28TTmar_1nnHRLrMbDM_FjMqBhaFqGF0FUt8ppo3FHQlHTWEwhxlMUbIEjI01ScC3hd460E0_313QQTH12WdgpqWwxTjI0kqtRmvh6ZzuxWcL4OQ2v6BFhinaQU7SLCgHanNswhdHsCLUx9Xw-trvqqfL49I46ybg",
    "expires_in": 3600,
    "token_type": "Bearer"
}

The access token should be used as an authorization token (i.e 'Bearer <access_token>') for subsequent API calls. The `expires_in` value is represented in seconds, which means it will be expired after 3600 second.