We suggest the following steps:

  1. Access Token
    Most API calls require an access token. To get one, call /api/access/token with 4 parameters: client_id, client_secret, username, and password. The client_secret and password values must be hashed with HMACSHA1. The response contains the access_token. On each API call, add an Authorization header with the value "Bearer your-access-token-here". The access token lifetime is 30 minutes. To get a new access token, you can call /api/access-token again or refresh it.
  2. Refreshing Access Token
    To refresh an access token (extend the expiry time of the token), call /api/access/refreshtoken with 3 parameters: client_id, client_secret, and Token. The client_secret value must be hashed with HMACSHA1. Set Token to the value of the refresh_token you want to extend.
  3. Simple Access Token
    Some APIs, e.g. "api/Member/Add", can be called with a simple access token (without username and password information). To use such an API, add an Authorization header with the value "Bearer your-simple-access-token-here". Generate "your-simple-access-token-here" from a combination of ClientId and ClientSecret (ClientId + '#' + ClientSecret), then hash it with HMACSHA1. Please hash the password with HMACSHA1.
  4. Sample Hashing Code with HMACSHA1
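    using System;
    using System.Security.Cryptography;
    using System.Text;
    string plainPassword = "123456";
    // Encoding.Unicode is UTF-16LE; the same bytes serve as HMAC key and message.
    HMACSHA1 hash = new HMACSHA1();
    hash.Key = Encoding.Unicode.GetBytes(plainPassword);
    // Result: Base64 of the 20-byte HMAC-SHA1 digest.
    string encodedPassword =
         Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(plainPassword)));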
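For clients not written in .NET, the following added Python example (not part of the original documentation) reproduces the HMACSHA1 sample and builds the parameters and headers described in steps 1 to 3. It assumes the simple access token is hashed the same way as the password sample; the function names and sample credentials are constructed for illustration.

```python
import base64
import hashlib
import hmac


def hmacsha1_b64(value: str) -> str:
    """Mirror the C# sample: key and message are both the UTF-16LE bytes of value."""
    raw = value.encode("utf-16-le")  # .NET Encoding.Unicode = UTF-16LE, no BOM
    return base64.b64encode(hmac.new(raw, raw, hashlib.sha1).digest()).decode("ascii")


def token_params(client_id, client_secret, username, password):
    """Parameters for /api/access/token; client_secret and password are hashed."""
    return {
        "client_id": client_id,
        "client_secret": hmacsha1_b64(client_secret),
        "username": username,
        "password": hmacsha1_b64(password),
    }


def refresh_params(client_id, client_secret, refresh_token):
    """Parameters for /api/access/refreshtoken; Token carries the refresh_token."""
    return {
        "client_id": client_id,
        "client_secret": hmacsha1_b64(client_secret),
        "Token": refresh_token,
    }


def simple_access_header(client_id, client_secret):
    """Authorization header for simple-access-token APIs such as api/Member/Add."""
    # Assumption: the combined string is hashed exactly like the password sample.
    return {"Authorization": "Bearer " + hmacsha1_b64(client_id + "#" + client_secret)}


if __name__ == "__main__":
    # Constructed sample credentials, not real values.
    print(token_params("demo-client", "demo-secret", "alice", "123456"))
    print(simple_access_header("demo-client", "demo-secret"))
```

Because the key is the value itself, the output is deterministic: the same password always yields the same string, so the hashed value must be protected like the password it replaces.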