If you are integrating with the Spacebring API, the authentication method you use will depend on your role:

Basic Authentication

Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. In Spacebring, username is your client_id and password is your client_secret. For example, to authorize as client id / client secret you would send

Authorization: Basic Y2xpZW50IGlkOmNsaWVudCBzZWNyZXQ=

You will need a Client ID and Client Secret, which are accessible only to the owner of your Spacebring app. The owner can retrieve this information by navigating to Account > [Select Network] > API.

OAuth2

Obtain your Client ID and Client Secret and register a valid redirect_uri. To do it, please reach out to api@spacebring.com.

Obtaining authorization code

You need to make a GET request to https://api.spacebring.com/oauth2/authorize with following query parameters:

ParameterDescription
client_idyour Client ID
redirect_uriyour redirect_uri
response_typeshould be set to code
scopelist of scopes separated by spaces or commas

If all parameters are valid, you will be redirected to our page where you can login. After that you will be redirected to your redirect_uri with code in query parameters.

Obtaining access and refresh tokens

With code received in previous step you need to make a POST request to https://api.spacebring.com/oauth2/token with following body in x-www-form-urlencoded format:

ParameterDescription
client_idyour Client ID
client_secretyour Client Secret
grant_typeshould be set to authorization_code
codecode received in previous step

You will receive response that looks like this:

{
  "access_token": "accessToken",
  "expires_in": 3600,
  "refresh_token": "refreshToken",
  "scope": "resources locations",
  "token_type": "Bearer"
}

Accessing API

You need to pass your access token in ‘Authorization’ header along with spacebring-network-id header with the id of the network.

Refreshing access token

Access tokens have a limited lifetime of 1 hour. To get new access token you need to make a POST request to https://api.spacebring.com/oauth2/token with following body in x-www-form-urlencoded format:

ParameterDescription
client_idyour Client ID
client_secretyour Client Secret
grant_typeshould be set to refresh_token
refresh_tokenrefresh token received in previous step

You will receive response that looks like this:

{
  "access_token": "accessToken",
  "expires_in": 3600,
  "scope": "resources locations",
  "token_type": "Bearer"
}

Refresh tokens don’t have expiration date and are not changed when you get new access token.

Revoking access token

To revoke your refresh and access tokens you need to make a POST request to https://api.spacebring.com/oauth2/revoke with token in query parameters.

You will receive response that looks like this:

{
  "status": "success"
}
Pagination