Authorization Rules

YCM APIs use the OAuth 2.0 protocol for authentication and authorization. This topic describes the authorization process and the token expiration time.

Authorization Process

The following contents show the process when application accessing the YCM API using OAuth 2.0.
1. Enable YCM API
You need to enable the API feature on Yeastar Central Management web interface, and obtain the Client ID and Client Secret. For more information, see Enable YCM API.
2. Obtain access token
Use the Client ID and Client Secret to obtain an access token from Yeastar Authorization Server, which will allow your application to access the API. For more information, see Request Access Token.
3. Send the access token to an API
After your application obtains an access token, you must add the access token in the HTTP Authorization header. In this way, the Authorization Server allows you to make REST API requests.
4. Refresh the access token if necessary

The access token expires after 30 minutes. If your application needs access to a YCM API after 30 minutes, you need to refresh the access token. A refresh token allows your application to obtain a new access token.

For more information, see Refresh Access Token.

Token expiration

An access token expires after 30 minutes.

A refresh token expires after 15 days. A refresh token might stop working for one of these reasons:

  • The refresh token has been revoked.
  • The refresh token has not been used for 15 days.
  • The Client Secret that is on YCM web interface has been regenerated.