How to Authenticate with Swagger

This article describes how to authenticate with Swagger using Pricefx API. 

Login

Before using majority of the Swagger functionality, the client application needs to authenticate with Pricefx. We use OAuth for authentication. Use the Base URL  https://www.pricefx.eu/pricefx/<partition-name> to access the endpoints described below.

The login process uses the following endpoints:

Login: POST /token

Sample Body for /token POST request:

{
"username": "string",
"partition": "string",
"password": "string"
} 

Sample Response for /token POST request:

{
"access-token": "string",
"token-type": "string",
"refresh-token": "string",
"expires-in": 0
}

Refresh token: POST /token/refresh

Sample Body for /token/refresh POST request:

{
"username": "string",
"partition": "string",
"password": "string"
} 

Sample Response for /token/refresh POST request:

{
"access-token": "string",
"token-type": "string",
"refresh-token": "string",
"expires-in": 0
} 

Logout: DELETE /token

Sample Response for /token DELETE request: No body

Response Code: 204

All 3 Authentication Requests should have the following headers: 

Content-Type: application/json
Accept: application/json
Pricefx-Key: pfxKeyString

The value for the pfxKeyString in the headers can be provided by Pricefx upon request.


The login endpoint will return an access-token, an access-token-type and a refresh-token.

The access-token will have a defined non-auto-prolonging lifetime and can be renewed by the refresh-token and the refresh endpoint. The refresh-token does not have a lifetime, but is tied to the access-token.

The authentication of all subsequent requests is done by adding the access-token-type and access-token values separated by a space in the Authorization header as shown here:

Authorization: {access-token-type} {access-token}