Using oAuth2 for sending SMS through Live Link 365
API providers leverage several different methods to authenticate API's, but they are all largely similar - you always have to use some form of credential with the content of your request to authorize you to perform that action.
These credentials can be specified in multiple forms: user/password, just a long APIKey, certificates and there are, many other options. The wide range of choices can be confusing, therefore, some API's try to follow a more direct approach by sending the same credentials with every request or some will try to follow an authentication flow where you request a temporary valid token and use that instead.
A common method for authenticating HTTP API's is by utilizing Basic Auth. With this technique, the client code consumes the API by sending the Authorization header with a Base64 encoded user/password. For example:
However, when utilizing this method you are required to send your credentials for every single request, which raises some security concerns and you many need to implement other more complex techniques in addition to using HTTPS to help secure this application, for example, using VPN's and IP whitelisting to enhance the security of the application.
Using the oAuth2 protocol, you don't have to send your credentials for every request. Instead you use an access token, so the credentials are used less frequently.
First, the client credentials are used to retrieve a new access_token. For example, you can use the following request:
In this response, we have a JSON body with a key that is access_token, the value for that key (0cFA5ZPhU3OkJDa2Qu4gC46oR7moP3SX) is the bearer token that will be used to authorize your subsequent requests. As a good practice, you should not be requesting the token every time a token is required for a request, unless the token is expired or invalidated. The application should store the access_token into a secure storage such as a cache or a database and retrieve that token to be used whenever is necessary for a request.
The following code can be used to send an SMS in Live Link 365 using the acquired token authentication: