NextChapter uses OAuth 2.0 as the protocol for authenticating users. It distinguishes the different parties dealing with customer data, and defines how they can access this data.
Getting an API token using the Client Credentials flow
Requesting a new token is as simple as sending a request to the Authorization Server.
curl --request POST \
--url 'https://login.nextchapter.cloud/connect/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=YOUR_CLIENT_ID \
--data client_secret=YOUR_CLIENT_SECRET
The client_id and client_secret should be substituted by your own values. Optionally you can provide the scope form field to ask for a specific scope.
Note: Ensure that you are refreshing your token as needed. When your token expires, you will receive a 401 Unauthorized response, and you will need to obtain a new token.
Anatomy of a token
The API response will look similar to this:
{
"access_token": "eyJhbG...",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "read:orders"
}
It holds the following fields:
access_token is the JSON Web Token, or JWT, that you should provide in all requests to the API.
expires_in is the time, in seconds, until the token expires.
token_type will always be Bearer.
scope will contain the scopes you have access to.