Authorization Rules
YMP APIs use the OAuth 2.0 protocol for authentication and authorization.
To begin, enable YMP API and obtain OAuth 2.0 client credentials from the YMP web interface (). Then your client application requests an access token from the Yeastar Authorization Server, extracts a token from the response, and sends the token to the YMP API that you want to access.
Basic steps
All applications follow the four steps when accessing a YMP API using OAuth 2.0.
1. Enable YMP API and obtain OAuth 2.0 credentials from the YMP web interface.
Visit your YMP web interface, go to to obtain the Client ID and Client Secret.
2. Obtain an access token from the Yeastar Authorization Server.
Before your application can successfully request a YMP API, it must obtain an access token that grants access to that API.
3. Send the access token to an API.
After your application obtains an access token, you must add the access token in the HTTP Authorization header. Then, the authorization server allows you to make REST API requests.
4. Refresh the access token, if necessary.
The access token expires after 30 minutes. If your application needs access to a YMP API after 30 minutes, you need to refresh the access token. A refresh token allows your application to obtain a new access token.
Token expiration
A access token expires after 30 minutes.
A refresh token expires after 15 days. A refresh token might stop working for one of these reasons:
- The refresh token has been revoked.
- The refresh token has not been used for 15 days.
- The Client Secret that is on YMP web interface has been regenerated.