Authorization Rules

Yeastar Partner Portal APIs use the OAuth 2.0 protocol for authentication and authorization. This topic describes the authorization process and the token expiration time.

Authorization process

The following contents show the process when a third-party application accesses Yeastar Partner Portal API using OAuth 2.0.

  1. Third-party application uses the credentials (Client ID and Client Secret) obtained from Yeastar Partner Portal to request an access token, which is required for accessing Yeastar Partner Portal API.
  2. Yeastar Partner Portal validates the credentials, and sends an access token along with a refresh token.
  3. Third-party application calls Yeastar Partner Portal API by passing the access token in an Authorization HTTP header Bearer value.
  4. Upon receiving the request, Yeastar Partner Portal authenticates the access token and returns a response, providing the information requested by the API call.
    Note: Access token expires in 30 minutes after it is generated, you need to refresh the access token before it expires.

Token validity period

  • Access token is valid for 30 minutes.
  • Refresh token is valid for 15 days.