SAP Digital Interconnect is now Sinch

Contact Us

Showing results for 
Search instead for 
Did you mean: 
Community Manager
Community Manager

Using oAuth2 for sending SMS through Live Link 365

API providers leverage several different methods to authenticate API's, but they are all largely similar - you always have to use some form of credential with the content of your request to authorize you to perform that action.


These credentials can be specified in multiple forms: user/password, just a long APIKey, certificates and there are, many other options. The wide range of choices can be confusing, therefore, some API's try to follow a more direct approach by sending the same credentials with every request or some will try to follow an authentication flow where you request a temporary valid token and use that instead.


A common method for authenticating HTTP API's is by utilizing Basic Auth. With this technique, the client code consumes the API by sending the Authorization header with a Base64 encoded user/password. For example:


curl -X GET -H 'Authorization: Basic dXNlcjpwYXNzd29yZA=='


However, when utilizing this method you are required to send your credentials for every single request, which raises some security concerns and you many need to implement other more complex techniques in addition to using HTTPS to help secure this application, for example, using VPN's and IP whitelisting to enhance the security of the application.




Using the oAuth2 protocol, you don't have to send your credentials for every request. Instead you use an access token, so the credentials are used less frequently.


First, the client credentials are used to retrieve a new access_token. For example, you can use the following request:


curl -X POST \ \

   -H 'Content-Type: application/x-www-form-urlencoded' \

   -H 'scope: livelink:api' \

   -d 'grant_type=client_credentials&token_type=JWT' \



The expected response from the previous request would be as follows:











In this response, we have a JSON body with a key that is access_token, the value for that key (0cFA5ZPhU3OkJDa2Qu4gC46oR7moP3SX) is the bearer token that will be used to authorize your subsequent requests. As a good practice, you should not be requesting the token every time a token is required for a request, unless the token is expired or invalidated. The application should store the access_token into a secure storage such as a cache or a database and retrieve that token to be used whenever is necessary for a request.


The following code can be used to send an SMS in Live Link 365 using the acquired token authentication:

curl -X POST \ \

   -H 'Authorization: Bearer

   0cFA5ZPhU3OkJDa2Qu4gC46oR7moP3SX' \

   -H 'Content-Type: application/json' \

   message": "Testing, Test v2




To learn more about how to send messages through Live Link 365 using oAuth2, refer to the Live Link 365 Documentation or refer to the additional reference links outlined below.


Further References:


Shahzad Ismail
Head of Knowledge Management and Community Engagement, Sinch
Tags (1)
0 Kudos