Authorization Rules
YCM APIs use the OAuth 2.0 protocol for authentication and authorization. This topic describes the authorization process and the token expiration time.
Authorization Process
The following contents show the process when application accessing the YCM API using
OAuth 2.0.
- 1. Enable YCM API
- You need to enable the API feature on Yeastar Central Management web interface, and obtain the Client ID and Client Secret. For more information, see Enable YCM API.
- 2. Obtain access token
- Use the Client ID and Client Secret to obtain an access token from Yeastar Authorization Server, which will allow your application to access the API. For more information, see Request Access Token.
- 3. Send the access token to an API
- After your application obtains an access token, you must add the access token in the HTTP Authorization header. In this way, the Authorization Server allows you to make REST API requests.
- 4. Refresh the access token if necessary
-
The access token expires after 30 minutes. If your application needs access to a YCM API after 30 minutes, you need to refresh the access token. A refresh token allows your application to obtain a new access token.
For more information, see Refresh Access Token.
Token expiration
An access token expires after 30 minutes.
A refresh token expires after 15 days. A refresh token might stop working for one of these reasons:
- The refresh token has been revoked.
- The refresh token has not been used for 15 days.
- The Client Secret that is on YCM web interface has been regenerated.