Authorization
KORE's APIs are secured using the OAuth2.0
Protocol, specifically Client Credentials
Flow to obtain tokens to authorize you to access your resources.
To call any of KORE's APIs, you will need to exchange your Client Credentials, Client ID
and Client Secret
, for an Access Token
. You can view your Client Credentials in your Client's Details.
How it Works
1. Send API Credentials
Your application sends the client credentials, Client ID and Client Secret, to KORE's authorization server.
KORE's auth endpoint is https://api.korewireless.com/api-services/v1/auth/token
2. KORE validates the credentials
If the Client Credentials are not valid, you will receive an error.
If the credentials are valid, KORE responds with an access token per RFC 6749.
The expires_in
property is given in seconds.
3. Make an API Call
When you call any REST API, include the access token (returned from step2. KORE validates the credentials) in the authorization header: --header Authorization: Bearer {access_token}
.
When your access token expires, repeat the process, starting with Step 1.
Refer to our guide on Refreshing your API Access token for an example.
Client Credentials
When you create an API Client, the Client Secret
is shown only once, after which you will not be able to retrieve the Client Secret
.
The Client ID
is always shown as this is how you uniquely identify your client.
Your client credentials are like your username and password and should be secured appropriately.
Access Token Expiry Times
When you create your API Client, you can pick an expiry time.
The options we support are
1 hour
1 day (24 hours)
30 days
24 months (2 years)
When you request an Access Token
, given your Client Credentials, the Acces Token
you will have an expiration time based on what you selected when creating your API Client. When your Access Token
expires, you will be required to request a new access token.
If the Access Token
expires, and your application attempts to make an API call, you will be presented with an error.
Access Token Scopes
Access Token Scope is a mechanism in OAuth2.0 that limits your application to only the products and resources you require.
Picking your scopes is done during client creation, which can be modified later.
Changing the scope of your API Client requires you to generate a new Access Token, as the Access Token you are currently using will have the old scopes.
When you receive your token from KORE, it will contain the scopes you identified when you created your API Client.
Last updated