Authentication and Authorization
Description
The authentication process is a centralized security mechanism that applies to multiple API endpoints within the system. This ensures that all requests are securely validated before accessing any service. An authorization token is required to consume the API. This is obtained by sending a request with valid username and password from an authorized public IP. The IP would have to be whitelisted on our server for requests to be granted.
Once authenticated, the obtained authorization token can be used for multiple processes, including:
- Vehicle Proof of Ownership Certificate (POC) Notification
- Collection Notification
- Billing Notification
Authentication Process
- Whitelist IP Address: Send your IP address by mail to development@icmaservices.com for whitelisting
- Send Authentication Request: POST your credentials (i.e. the assigned username and password) to the authentication endpoint.
- Receive Token: If the credentials are valid, you will receive an access token.
- Include Token in Requests: Use the received token in the Authorization header for all subsequent requests to the API.
- Refresh Token: When your token expires, use the refresh token endpoint to obtain a new access token
Authentication Endpoint
URL: BaseUrl/PDMS/api/v1/RevenueDataManagement/get-authKey
Authentication Request
{
"username": "your-username",
"password": "your-password",
}
Authentication Response
{
"UserName": "your-username",
"IsVerified": true,
"AuthKey": "your-access-token",
"TokenExpiryTime": "2023-05-24T10:30:00Z",
"RefreshToken": "your-refresh-token",
"RefreshTokenExpiryTime": "2023-05-25T10:30:00Z"
}
Refresh Token Endpoint
BaseUrl/PDMS/api/v1/RevenueDataManagement/refresh-authKey
Refresh Token Request
{
"AuthKey": "your-current-auth-key",
"RefreshToken": "your-refresh-token"
}
Refresh Token Response
{
"AuthKey": "your-current-auth-key",
"RefreshToken": "your-refresh-token"
}