Password based authentication

Authentication to LRS Connect API uses OAuth 2.0.

User can find access token and refresh token using password-based authentication.
Data for inactive accounts will not be returned.

/rest/v4/oauth/token

Request

In order to receive tokens,

curl --location --request POST 'https://connect.lrsus.com/rest/v4/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "scope": "OFFLINE_ACCESS",
    "userName": "username",
    "password": "password",
    "grantType": "PASSWORD"
}
'

var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");

var raw = JSON.stringify({"scope":"OFFLINE_ACCESS","userName":"username","password":"password","grantType":"PASSWORD"});

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://connect.lrsus.com/rest/v4/oauth/token", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import http.client

conn = http.client.HTTPSConnection("connect.lrsus.com")
payload = "{\n    \"scope\": \"OFFLINE_ACCESS\",\n    \"userName\": \"username\",\n    \"password\": \"password\",\n    \"grantType\": \"PASSWORD\"\n}\n"
headers = {
  'Content-Type': 'application/json'
}
conn.request("POST", "/rest/v4/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

#import <Foundation/Foundation.h>

dispatch_semaphore_t sema = dispatch_semaphore_create(0);

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://connect.lrsus.com/rest/v4/oauth/token"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
NSDictionary *headers = @{
  @"Content-Type": @"application/json"
};

[request setAllHTTPHeaderFields:headers];
NSData *postData = [[NSData alloc] initWithData:[@"{\n    \"scope\": \"OFFLINE_ACCESS\",\n    \"userName\": \"username\",\n    \"password\": \"password\",\n    \"grantType\": \"PASSWORD\"\n}\n" dataUsingEncoding:NSUTF8StringEncoding]];
[request setHTTPBody:postData];

[request setHTTPMethod:@"POST"];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
  if (error) {
    NSLog(@"%@", error);
    dispatch_semaphore_signal(sema);
  } else {
    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
    NSError *parseError = nil;
    NSDictionary *responseDictionary = [NSJSONSerialization JSONObjectWithData:data options:0 error:&parseError];
    NSLog(@"%@",responseDictionary);
    dispatch_semaphore_signal(sema);
  }
}];
[dataTask resume];
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);

Request Body

Key	Description
scope	The scope of authentication. Provide scope as OFFLINE_ACCESS.
userName	The user name of the user.
password	The password of the user.
grantType	The authentication grant type. Provide authentication grant type as PASSWORD.

Response 200 (application/json)

The response will contain a "Bearer" token that must be passed on subsequent requests. The token is valid for 3600 seconds by default. The response also contains a refresh token which can be used to fetch the bearer token again.

{
    "tokenType": "Bearer",
    "expiresIn": "3600",
    "accessToken": "eyJraWQiOiJJQVE3czZMeFNmdW03SWFhYjNocEtiM0R5dGJta2Jic2dwUzVGRElnR2I4IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULnJ4TUFpYmtBZEJiUHMtYzBlOERmWm5rZUZRU0lzc01WQk51R1RFSGhMVXcub2FyeTFyazI5R3dFbmtNWDEwaDYiLCJpc3MiOiJodHRwczovL2Rldi05MTA3NDEub2t0YXByZXZpZXcuY29tL29hdXRoMi9hdXNianF0YmVpRURlcjZRVDBoNyIsImF1ZCI6Imh0dHBzOi8vYXBpLnN0b3JtcGF0aC5jb20vdjEvYXBwbGljYXRpb25zLzVzdW10Z2h3cDZWTDZxR1NtQ3dUMmMiLCJpYXQiOjE2MTUzNjg2NTIsImV4cCI6MTYxNTM3MjI1MiwiY2lkIjoiMG9hYmpwNW4wYVFQVzNBR0UwaDciLCJ1aWQiOiIwMHVmcGE0ZtIn0.skBZEwFaKHTYCX10889fvJlFd9eLDmxSmiFm78_x7e-TpgxrXI6No-1FqYZ4eFgBLLaBB3Ljet1Ifj0feBvGiXT5RbmYk0MxtaCqq3MN-eEin5-D1WbEkC80NltXhkb8wyN_fyTUn8epFs_gec2DE4-TO99w4WVeKOMHeJacFks6TJby77mXrL8KmB5BOQsck3cEypkP6M5Lnwv5uc-sbL1GI5qB0VZwGPrhdDkRCywzDCIfmJyxvcrh9h0AgyVTjqa4B1OXAIoeFn71YAg9D-3vMvW1NIaBvoh3NRynGeJ3af6ZiIHPDLjPMLESKChw-L_GklbV2Iy1OAo0c7iBIQ",
    "scope": "offline_access",
    "refreshToken": "wZNBvgaPrP_SzjWvZd90Wpc5KmuC3xs18b32323230"
}

The token is passed as an Authorization header value.

Header	Value	Description
Authorization	Example: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0MzU3N...FWFxGl3odgJ25T0O7kwq-hca2QDtSIWKUFHTpBNU97c	Concatenate value of "Bearer" and `access_token` returned from /rest/v3/oauth/token method.

Header

Value

Description

Authorization

Example:

Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0MzU3N...FWFxGl3odgJ25T0O7kwq-hca2QDtSIWKUFHTpBNU97c

Concatenate value of "Bearer" and access_token returned from /rest/v3/oauth/token method.

SSL

SSL is used to encrypt all requests to & from LRS Connect API.