Authentication

All of our APIs use OAuth 2.0 for authentication. To make API requests you will need a valid access token.
Username-password grant type can be used to exchange a username and password for an access token directly. The client will ask the user for their username and password (as opposed to being redirected to an identity provider authorization server to authenticate) and then send these to the authorization server along with the client’s own credentials. If the authentication is successful then the client will be issued with an access token.
Note, the client secret should not be included for mobile or desktop apps, where the secret cannot be protected.

The application sends a POST request to the authorization server, passing both the client_id and the client_secret in the body. The server replies with the token if the credentials are valid.

SAMPLE REQUEST

POST https://api.optimalresume.com/oauth HTTP/1.1
Accept: application/json
{
"grant_type": "password",
"username": "test_user",
"password": "test_password",
"client_id": "test_client",
"client_secret": "test_client_secret"
}


curl -X POST https://api.optimalresume.com/oauth \
-H "Accept: application/json;" \
-u "CLIENT_ID:CLIENT_SECRET" \
-d "grant_type=password&username=test_user&password=test_password"

SAMPLE RESPONSE


{
"access_token": "61e7ab831ede2641cb43b0a9c5a826b02e962a13c1",
"expires_in": 36000,
"token_type": "Bearer",
"scope": null,
"refresh_token":"494cc8b3fcc12d52581ff5a230de170f0ed23eb2"
}

GENERATE ACCESS TOKEN

Parameter Type Value Default Value Description
username
required
string The username
password
required
string The user password
client_id
required
string The OAuth 2.0 client ID for your application. The value is displayed on my apps page
client_secret
required
string The client secret associated with your client ID. The value is displayed on my apps page