Navigation :

Authorize Your Client

How to get the APPs identification

The main Management screen shows the APP_ID and Secret, which is the basic info for API accessing. Apps will obtain an access token that provides temporary, secure access to Nexusguard Open APIs. Through API get_access_token, an access_token will be given as authentication for any other api calls .

Generating Access Tokens

User Access Tokens
App Access Tokens

User Access Tokens

Although each platform generates access tokens via different APIs, all platforms follow the basic strategy to get a user token. However, it will be a little diffrent in Nexsuguard Developer Platform. Users/Customers will automatically authenticates and approves permissions as default after Apps being installed under their names.

Noted:

Apps/Clients will only request access and permissions via open platform API and there will not be a user login/anthorization process.

Step One: Get code

curl -X GET "https://api.nexusguard.com/oauth/connect
    ?app_id=generated-by-developer-platform
    &redirect_uri=must-share-the-same-domain-with-host_url-wrote-in-platform
    &response_type=code
    &scope=install_login
    &xspe=SPE-Admin-Portal-will-pass-it-to-entrance-API-of-App
    &state=generated-by-App-to-protect-from-CSRF
    &customer_id=SPE-Admin-Portal-will-pass-it-to-entrance-API-of-App"

This API will redirect to: {redirect_uri}?code=code&state={generated_by_App} code is the only goal developer is aimed for.

Step Two: Get access_token by code

curl -X POST "https://api.nexusguard.com/oauth/access_token" -d
        "app_id=generated-by-developer-platform
        &secret=generated-by-developer-platform
        &code=generated-by-previous-API-connect
        &grant_type=authorization_code"

Response:

{
    "code": 0,
    "msg": "success",
    "result": {
        "access_token":`"ACCESS_TOKEN"`,
        "expires_in":7200,
        "refresh_token":`"REFRESH_TOKEN"`,
        "scope":`"SCOPE"`
    }
}

Other Step: Get access_token by API refresh_token Like most of the access_token on other platform, access_token will only last for 2 hours. Developers will have to refresh it after it runs out of time.

curl -X POST "https://api.nexusguard.com/oauth/refresh_token" -d
        "app_id=generated-by-developer-platform
        &refresh_token=generated-by-previous-API-access_token
        &grant_type=refresh_code"

Response:

{
    "code": 0,
    "msg": "success",
    "result": {
        "access_token":`"ACCESS_TOKEN"`, 
        "expires_in":7200, 
        "refresh_token":`"REFRESH_TOKEN"`,
        "scope":`"SCOPE"`
    }
}

App Access Tokens

App access tokens are used to make requests to Nexusguard Open APIs on behalf of an app rather than a user. This can be used to request for SPE APIs from SPE Portal, create and manage customers, sites and other services in the future.

curl -X POST "https://api.nexusguard.com/oauth/credit/token" -d
        "app_id=generated-by-developer-platform
        &secret=generated-by-previous-API-access_token
        &grant_type=client_credential"

Response:

{
    "code": 0,
    "msg": "success",
    "result": {
        "access_token":`"ACCESS_TOKEN"`,
        "expires_in":7200
    }
}