The CPL API supports an authentication method based on a Bearer token using the OAuth 2.0 protocol. This type of authentication provides a secure and flexible way to access protected API resources.
Authentication Requirements
GET/INFO Method: This method does not require authentication and can be called without logging in.
All Other Methods: These require HTTP authentication using a valid Bearer token.
To access the API, you must meet the following requirements:
1. Enable OAuth 2.0: Request CPL support to enable OAuth 2.0 access and obtain your client credentials (Client ID and Client Secret).
Security Guidelines
Due to the nature of this authentication, it is MANDATORY to use the HTTPS protocol exclusively. This ensures encrypted communication and protects sensitive data during transmission.
Access Token Validity
The access token is valid for 30 minutes.
After expiration, the token must be refreshed.
The maximum number of tokens that can be generated is 12 tokens per minute.
Recommendations
1. Secure Storage of Tokens: Access tokens and the Client Secret should never be stored in source code or in publicly accessible locations.
2. Automatic Token Refresh: Implement a mechanism to automatically refresh the token before it expires.
3. Use HTTPS for All Requests: Never send tokens or credentials over an unencrypted connection (HTTP).
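One way to combine the three recommendations with the validity limits above, as an added example that is not CPL's own code. The environment variable names, the two-minute refresh margin and the caller-supplied `fetch(url, client_id, client_secret)` function that performs the actual token request are assumptions, since this page does not give the token endpoint or request format.

```python
import os
import time
from collections import deque
from urllib.parse import urlsplit

TOKEN_TTL = 30 * 60        # page: access token is valid for 30 minutes
MAX_TOKENS_PER_MIN = 12    # page: at most 12 tokens generated per minute
REFRESH_MARGIN = 120       # assumption: renew 2 minutes before expiry


class TokenManager:
    """Caches one Bearer token and renews it shortly before it expires."""

    def __init__(self, token_url, fetch, clock=time.monotonic):
        # Refuse to send the Client Secret anywhere but an HTTPS endpoint.
        if urlsplit(token_url).scheme != "https":
            raise ValueError("token endpoint must use HTTPS")
        self._url, self._fetch, self._clock = token_url, fetch, clock
        self._token, self._expires_at = None, 0.0
        self._issued = deque()  # timestamps of recent token requests

    def _credentials(self):
        # Secrets come from the environment (assumed names), never from source.
        return os.environ["CPL_CLIENT_ID"], os.environ["CPL_CLIENT_SECRET"]

    def token(self):
        now = self._clock()
        if self._token and now < self._expires_at - REFRESH_MARGIN:
            return self._token          # cached token is still fresh
        while self._issued and now - self._issued[0] >= 60:
            self._issued.popleft()      # forget requests older than a minute
        if len(self._issued) >= MAX_TOKENS_PER_MIN:
            raise RuntimeError("token rate limit reached; retry later")
        self._issued.append(now)
        client_id, secret = self._credentials()
        self._token = self._fetch(self._url, client_id, secret)
        self._expires_at = now + TOKEN_TTL
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.token()}"}

    def invalidate(self):
        # Call after the API rejects the token, to force a new one next time.
        self._token = None
```

Pass the dictionary from `auth_header()` as the request headers of every call except GET/INFO.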
Common Issues
Invalid Token: Check that the access token has been correctly included in the Authorization header.
Expiration: If the token has expired, generate a new one.
Authentication Errors: Ensure that you are using the correct Client ID and Client Secret.
Modified at 2025-02-07 07:04:38