We use the OAuth 2.0 Authorization Framework with the Resource Owner Password Credentials Grant.
Obtain your Credentials
You will need to obtain client_id, client_secret, username, and password from your YOC Account Manager. Username and Password are valid credentials that can be used to access https://hub.yoc.com
Obtain your Access Token
The authentication process starts with a POST request to
https://oauth.yoc.com/api/v2/oauth/token
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| grant_type | String | Only “password” is accepted |
| username | String | Your username used for the YOC Hub |
| password | String | Your password used for the YOC Hub |
| client_id | String | Your client id provided by YOC |
| client_secret | String | Your client secret key provided by YOC |
The API supports both multipart form data and JSON body. Both client_id and client_secret can be submitted via request body or provided using the Basic Authentication Header.
Multipart form data with client credentials
curl --request POST \
--url https://oauth.yoc.com/api/v2/oauth/token \
--header 'Content-Type: multipart/form-data' \
--form grant_type=password \
--form client_id=your-client-id \
--form client_secret=your-client-secret \
--form username=your-username \
--form password=your-password
JSON Body with Authentication header
curl --request POST \
--url https://oauth.yoc.com/api/v2/oauth/token \
--header 'Authorization: Basic AUTHORIZATION HASH' \
--header 'Content-Type: application/json' \
--data '{
"grant_type": "password",
"username": "your-username",
"password": "your-password"
}'
If the authentication request is valid and authorized, the server issues access and refresh tokens, which you can obtain from the response body.
Response Example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"user_uuid": "your-user-uuid",
"jti": "bda1a096-358a-11ec-9534-005056837939",
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "your-access-token",
"refresh_token": "your-refresh-token"
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| user_uuid | String | Universally unique identifier of your user |
| jti | String | JTI-JWT identifier, unique for each pair of refresh/access tokens |
| expires_in | Integer | Access token lifetime in seconds |
| access_token | String | A token to access the API |
| refresh_token | String | A long lifetime token which is used to obtain another pair of access/refresh tokens |
Refreshing an Access Token
Upon expiry of the access token, the client application submits a POST request to the token endpoint to obtain another pair of access/refresh tokens.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| grant_type | String | The grant_type MUST be “refresh_token” |
| client_id | String | client_id provided by YOC |
| client_secret | String | client_secret provided by YOC |
The API supports both multipart form data and JSON body. Both client_id and client_secret can be submitted via request body or provided using the Basic Authentication Header (see above ).
Request Example (JSON Body)
curl -i -X POST \
-H "Content-Type:application/json" \
-d \
'{
"grant_type": "refresh_token",
"refresh_token": "your_refresh_token",
"client_id": "your-client-id",
"client_secret": "your-client-secret"
}' \
'https://oauth.yoc.com/api/v2/oauth/token'
Response Example
A response has the same format as for the Access Token request.
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"user_uuid": "your-user-uuid",
"jti": "bda1a096-358a-11ec-9534-005056837939",
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "your-access-token",
"refresh_token": "your-refresh-token"
}
API Authorization
A client application should issue all requests to https://api.yoc.com and submit valid access token using Authorization Bearer header.
Request Example
curl -i -X GET \
-H "Authorization:Bearer your_access_token" \
'https://api.yoc.com/api/v1/reporting/publishers'