Authentication

To use the Qiscus Omnichannel API, you must authenticate yourself. Only users with valid authentication tokens can access the service.

Login

You must authenticate yourself using basic authentication (email, password) when you log in. Use the following login API:

Base URL:

Sample Request Body:

CURL Sample:

Sample Response:

| Field | Type | Description |
| --- | --- | --- |
| data.user.authentication_token | string | This field is the short lived token. The token expires in 30 days. Every login produces a new token and does not expire older tokens that are still valid. |
| data.long_lived_token | string | This token is used by the token management APIs, such as refresh_token, revoke_token, and active_token_list. |

Authentication Type

There are two types of authentication used by Qiscus Omnichannel Chat, REST Token and Short lived Token.

REST Token

The REST Token is used to authenticate server to server using the app code and secret key. Here is the REST token implementation:

  • How to get app id and secret
  • Usage Sample:

You can always call any API using this method without worrying about token expiration.

Short Lived Token

To keep your information safe, you can choose to use a short lived token for authentication. Starting 4th November 2020, Qiscus Omnichannel Chat will enforce a provision whereby the short lived token validity period is 30 days after the token was generated. However, the validity period of the short lived token changes under certain circumstances:

  1. When a user logs in to Qiscus Omnichannel Chat, a short lived token is generated and by default expires in 30 days.
  2. If a user logs out before the expiration date, the short lived token becomes invalid. Hence, the user must log back in.
  3. Once the user logs back in, a new short lived token is generated. The new token expires 30 days from the last login date.

You can see the image below to understand short lived token period clearly.

The following is a list of APIs that will be impacted if you implement a short lived token:

1. Refresh Token

If the short lived token has expired, you can use the following API.

Base URL:

Headers:

Sample Response:

When to refresh your token?

If you get a response with error.detail = 'token_expired', as in the payload below, when calling any API, you should revoke your token.
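The refresh-on-expiry flow from the Refresh Token section, as an added example that is not Qiscus code. `send` and `refresh` are hypothetical callables standing in for the HTTP calls, whose endpoints and headers are not reproduced here, and the error payload is constructed from the `error.detail` path named above.

```python
import time

TOKEN_TTL = 30 * 24 * 3600  # short lived token validity stated on this page: 30 days

def is_token_expired(body):
    """True when a response body carries error.detail == 'token_expired'."""
    err = body.get("error") if isinstance(body, dict) else None
    return isinstance(err, dict) and err.get("detail") == "token_expired"

class TokenSession:
    """Keeps the short lived token fresh using the long lived token.

    send(path, short_token) -> dict and refresh(long_token) -> str are
    hypothetical transport callables supplied by the caller (assumption).
    """
    def __init__(self, send, refresh, short_token, long_token, issued_at=None, clock=time.time):
        self._send, self._refresh, self._clock = send, refresh, clock
        self._short, self._long = short_token, long_token
        self._issued_at = clock() if issued_at is None else issued_at
        self.refresh_count = 0

    def __repr__(self):
        # Never expose either token in logs or tracebacks.
        return f"TokenSession(refresh_count={self.refresh_count})"

    def _renew(self):
        self._short = self._refresh(self._long)
        self._issued_at = self._clock()
        self.refresh_count += 1

    def call(self, path):
        renewed = False
        # Proactive: skip a guaranteed failure once the 30-day window has passed.
        if self._clock() - self._issued_at >= TOKEN_TTL:
            self._renew()
            renewed = True
        body = self._send(path, self._short)
        # Reactive: the server is authoritative on expiry. Renew at most once
        # per call so a persistent failure surfaces instead of looping.
        if is_token_expired(body) and not renewed:
            self._renew()
            body = self._send(path, self._short)
        return body

if __name__ == "__main__":
    # Constructed server: accepts only the token "new", rejects anything else as expired.
    server = lambda path, tok: {"data": path} if tok == "new" else {"error": {"detail": "token_expired"}}
    session = TokenSession(server, lambda long_tok: "new", "old", "long")
    print(session.call("/example"), session)
```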

2. Revoke Token

Revoke the token you want to be revoked.

Base URL:

Headers:

Body:

Sample Response:

3. Revoke All Token

This API revokes all your active tokens and gives you a new one.

Base URL:

Headers:

Sample Response:

4. List of Active Sessions

See all of your active sessions.

Base URL:

Headers:

Sample Response:
