Authentication

All of our APIs use OAuth 2.0 for authentication. To make API requests you will need a valid access token.
The refresh token enables your application to obtain a new access token if the one that you have expires. The access tokens issued are by default short lived (they expire after 5 hours). 
A refresh token has a longer lifetime (14 days) 
allowing applications to exchange an expired access token for a new one, without redoing authorization.
 Your application should store access tokens and refresh tokens in a secure location. Without a refresh token the user will need to repeat the OAuth 2.0 consent flow everytime the access token expires.

When an access token is expired the client sends a POST request to the authorizaton server, passing the refresh_token, client_id and the client_secret in the body.

SAMPLE REQUEST

POST https://api.optimalresume.com/oauth HTTP/1.1
Accept: application/json
Content-Type: application/json
{
"grant_type": "refresh_token",
"refresh_token": "REFRESH_TOKEN",
"client_id": "CLIENT_ID",
"client_secret": "CLIENT_ID"
}


curl -X POST https://api.optimalresume.com/oauth \
-H "Accept: application/json;" \
-u "CLIENT_ID:CLIENT_SECRET" \
-d "grant_type=refresh_token&refresh_token=61e7ab831ede2641cb43b0a9c5a826b02e962a13ew"

SAMPLE RESPONSE


{
"access_token": "61e7ab831ede2641cb43b0a9c5a826b02e962a13c1",
"expires_in": 36000,
"token_type": "Bearer",
"scope": null
}

GENERATE ACCESS TOKEN

Parameter Type Value Default Value Description
refresh_token
required
string The refresh token
client_id
required
string The OAuth 2.0 client ID for your application. The value is displayed on my apps page
client_secret
required
string The client secret associated with your client ID. The value is displayed on my apps page