Authentication ************** Authentication to the APIs will be through an **OAuth2** *client_id* and *client_secret* which will be sent as a header parameter. The key will be provided by Taskmonk. ====== Server ====== **Test:** preprod.taskmonk.io **Production:** api.taskmonk.io =========================== Generate client credentials =========================== API authentication uses OAuth2 client credentials mechanism. **client_id** and **client_secret** can be generation by any user having admin access to Taskmonk web application. Kindly follow the steps mentioned in the below link to generate credentials in the preprod or production environment. https://taskmonk.atlassian.net/wiki/spaces/TD/pages/558497797/Create+API+credentials+and+provide+access+to+projects ================ Get access token ================ Authentication for all the APIs will be through an access token which can be fetched using this API. Use the *client_id* and *client_secret* generated in the previous step. **Endpoint:** /api/oauth2/token?grant_type=client_credentials&client_id=client_id&client_secret=client_secret **Method:** POST **Params:** grant_type, client_id, client_secret **Content-Type:** application/json **Response:** { "token_type": "Bearer", "access_token": "Y2IyMDVhOTAtMGU1My00ZDM3LTg3ZjQtOWI1OThmYzY4Nj", "refresh_token": "ZGJiMWI4MTktNjA2NS00ZTVhLWIxODQtM2VjMjQ0OWJiNm", "expires_in": 3500 } Add the header {“Authorization” : “Bearer $access_token” } to all the below given APIs. Replace access_token with the String received in the response of above API. ==================== Refresh access token ==================== On expiry of the access token, the refresh_token can be used to get a new access token **Endpoint:** /api/oauth2/token?grant_type=refresh_token&client_id=client_id&client_secret=client_secret&refresh_token=refresh_token **Method:** POST **Params:** grant_type, client_id, client_secret **Content-Type:** application/json **Response:** { "token_type": "Bearer", "access_token": "Y2IyMDVhOTAtMGU1My00ZDM3LTg3ZjQtOWI1OThmYzY4Nj", "refresh_token": "ZGJiMWI4MTktNjA2NS00ZTVhLWIxODQtM2VjMjQ0OWJiNm", "expires_in": 3500 } Add the header {“Authorization” : “Bearer $access_token” } to all the below given APIs. Replace access_token with the String received in the response of above API.