Secured REST API

When using the REST API, communication between the REST client and Live Hub is secured by using TLS.

Authentication of the client with Live Hub is through OAuth 2.0 client credentials grant type, which is used by clients to obtain an access token.

Once a token is obtained, the client uses the token (Bearer) in the request Authorization header when sending resource URLs to Live Hub:

Authorization: Bearer {ACCESS_TOKEN}

In the request for a token, the client needs to provide the client ID and client secret. This is generated by Live Hub's IAM functionality when adding an API Client, as described here.

Note: The access token is valid for an hour.

The following shows an example of a client obtaining a token:

Client requests access token:

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=API_CLIENT_ID&client_secret=API_CLIENT_SECRET

Client receives access token:

HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token":"eyJz93a...k4laUWw",
"token_type":"Bearer",
"expires_in":900
}