Generate an Access Token (OAuth 2.0)
Azuga APIs use an OAuth 2.0–based authentication mechanism that combines user credentials with client-specific credentials to securely generate an access token. Authentication requests include the required credentials transmitted securely over HTTPS using HTTP headers.
Once an access token is issued, it must be included in the headers of every subsequent API request. This token uniquely identifies both the authenticated user and the client application, enabling secure access to authorized API endpoints.
This approach allows backend services, integrations, and automated scripts to authenticate on behalf of a specific user while maintaining strong client-level security.
Authentication Endpoint
To access Azuga APIs, you must first authenticate using the Authentication API. This endpoint validates your credentials and returns an access token required for all subsequent API calls.
Prerequisites
Before generating an authentication or access token, please ensure you have the following details ready:
1. Valid Azuga User Credentials
An existing Azuga customer account with a username and password.
2. Client API Key
A unique client identifier issued by Azuga.
To obtain your Client ID, contact [email protected]
3. Client Secret
A confidential key associated with your Client ID, used for secure authentication.
To obtain your Client Secret, contact [email protected]
Having these prerequisites in place will ensure a smooth and successful access token generation process.
The OAuth Flow
Once you have received your clientApiKey and clientSecret, a successful authentication between your application, the user, and the Azuga Auth service occurs in the following order:
- Make an authentication request to the Azuga Login API. Your application sends a secure request to the Azuga authentication endpoint: https://fleet-rest.azuga.com/api/v4/login.
- Your application sends the request with:
  - an Authorization header containing the Base64-encoded username:password
  - clientApiKey and clientSecret headers

Note: To obtain your clientApiKey and clientSecret, please contact [email protected]
- Azuga validates the credentials and client keys.
- On successful validation, the API responds with an access token, refresh token, and expiry information.
- Your application uses the access token to authenticate subsequent Azuga API requests.
Authorization Request
The first step in the Azuga authentication flow is making a login request to the Azuga Authentication API. This request validates the user credentials along with client-specific keys and generates an access token for subsequent API calls.
Authentication request URL: https://fleet-rest.azuga.com/api/v4/login.
Example Request: GET https://fleet-rest.azuga.com/api/v4/login
| Header Name | Description | Required |
|---|---|---|
| Authorization | Base64 encoded username and password in the format username:password, prefixed with Basic. Example: Basic EpvaG5AYXp1Z2EuY29tOnRlc3QxMjM= | Yes |
| clientApiKey | Client-specific API key. Contact [email protected] to obtain this value. | Yes |
| clientSecret | Client-specific secret key. Contact [email protected] to obtain this value. | Yes |
Authorization Header Details
To generate the Authorization header:
- Combine the username and password using a colon (:). Example: [email protected]:test123
- Encode the combined string using Base64. You may use any Base64 encoder. Example: EpvaG5AYXp1Z2EuY29tOnRlc3QxMjM=
- Prefix the encoded value with the word Basic followed by a space. Example: Authorization: Basic EpvaG5AYXp1Z2EuY29tOnRlc3QxMjM=
Example Request:
curl --request GET \
--url https://fleet-rest.azuga.com/api/v4/login \
--header 'Authorization: Basic cGhhbmlrQGF6dWdhLmNvbTpUZXN0aW5nQDEy' \
--header 'accept: application/json' \
--header 'clientApiKey: tfhhbmlrRGF6dWdhLmNvbTp0XEN0aW5nQDwT' \
--header 'clientSecret: qjhhbmlrUGI6dWdhLmNvbTp0XEN0aV5nQKwP'
Example Response:
On success, the API returns HTTP status 200 (OK).
{
"message": "Access Token Fetched Successfully.",
"generatedAt": 1681072293000,
"data": {
"accessToken": "MR1ny07tErdg4nIKlSOfy9Typ9yCyeDK",
"refreshToken": "TfEK0w0gj4ZkZ8Ub70IcrMwX8MGHGF6N",
"expiresIn": 15552000
}
}
Success Response Structure
On successful authentication, the API returns an access token that can be used to authorize subsequent API requests.
| Field | Description |
|---|---|
| message | Confirmation message for successful token generation. |
| generatedAt | Time when the token was generated (epoch in milliseconds). |
| accessToken | Token used to authenticate API requests. |
| refreshToken | Token used to generate a new access token after expiration. |
| expiresIn | Access token validity period in seconds (180 days). |
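The login request and response handling described above, as an added Python example (not Azuga's code). The function names and the one-day refresh margin are assumptions made for illustration; the sample input is the page's own example response.

```python
import base64
import json
import urllib.request

LOGIN_URL = "https://fleet-rest.azuga.com/api/v4/login"  # endpoint from the page

# The page's example login response, reused here as offline sample input.
SAMPLE_RESPONSE = """{"message": "Access Token Fetched Successfully.",
 "generatedAt": 1681072293000,
 "data": {"accessToken": "MR1ny07tErdg4nIKlSOfy9Typ9yCyeDK",
          "refreshToken": "TfEK0w0gj4ZkZ8Ub70IcrMwX8MGHGF6N",
          "expiresIn": 15552000}}"""

def login_headers(username, password, client_api_key, client_secret):
    """Build the four headers of the login request (hypothetical helper)."""
    # Base64 only encodes the credentials; confidentiality comes from HTTPS.
    pair = f"{username}:{password}".encode("utf-8")
    return {
        "Authorization": "Basic " + base64.b64encode(pair).decode("ascii"),
        "clientApiKey": client_api_key,
        "clientSecret": client_secret,
        "accept": "application/json",
    }

def parse_token_response(body):
    """Pull the tokens out of the response and compute the absolute expiry."""
    doc = json.loads(body)
    data = doc["data"]
    return {
        "accessToken": data["accessToken"],
        "refreshToken": data["refreshToken"],
        # generatedAt is epoch milliseconds, expiresIn is seconds.
        "expiresAtMs": doc["generatedAt"] + data["expiresIn"] * 1000,
    }

def needs_refresh(tokens, now_ms, margin_s=86400):
    """True once the token is within margin_s of expiry (margin is an assumption)."""
    return now_ms >= tokens["expiresAtMs"] - margin_s * 1000

def login(username, password, client_api_key, client_secret, timeout=10):
    """Send the login request; urlopen raises HTTPError on 4xx/5xx responses."""
    headers = login_headers(username, password, client_api_key, client_secret)
    req = urllib.request.Request(LOGIN_URL, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read())
```

Read the four credential values from a secret store or environment variables rather than hard-coding them in the script.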
Refresh Token Request and Response
Once your access token expires after 180 days, you can use the Refresh Token API to generate a new access token and refresh token without re-authenticating with username and password.
The refresh token is issued as part of the Authentication API response and can be reused until it expires or is revoked.
Request Structure
The HTTP verb for this request is GET, and the refresh token URL is: https://fleet-rest.azuga.com/api/v4/refresh-token
| Parameter | Description | Required |
|---|---|---|
| refreshToken | The refresh token received from the Authentication API. This token is used to request a new access token when the current one expires. | Yes |
| Authorization | The previous access token, prefixed with Bearer. Example: Bearer eyJhbGciOiJIUzI1NiIs | Yes |
Example Request
curl --request GET \
--url 'https://fleet-rest.azuga.com/api/v4/refresh-token?refreshToken=qjhhbmlrUGI6dWdhLmNvbTp0XEN0aV5nQKwP' \
--header 'Authorization: Bearer qjhhbmlrUGI6dWdhLmNvbTp0XEN0aV5nQKwP' \
--header 'accept: application/json'
Response Structure
On success, the API returns HTTP status 200 (OK) and the following data in the response body:
| Key | Description |
|---|---|
| message | Status message indicating whether the token was generated successfully. |
| generatedAt | Epoch timestamp (in milliseconds) indicating when the token was generated. |
| accessToken | The access token used to authenticate and make API calls to Azuga APIs. This token is valid for 180 days. |
| refreshToken | The refresh token used to generate a new access token once the current access token expires. |
| expiresIn | The number of seconds before the access token expires. After expiry (180 days), a new access token must be generated using the Refresh Token API. |
Example Response
{
"message": "Refreshed Tokens Fetched Successfully.",
"generatedAt": 1681072293000,
"data": {
"accessToken": "MR1ny07tErdg4nIKlSOfy9Typ9yCyeDK",
"refreshToken": "TfEK0w0gj4ZkZ8Ub70IcrMwX8MGHGF6N",
"expiresIn": 15552000
}
}
Use the Access Token
For all other API calls, include the access token in the header:
Authorization: Bearer <accessToken>
Example: Authorization: Bearer MR1ny07tErdg4nIKlSOfy9Typ9yCyeDK
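The refresh token travels in the URL query string and the other secrets in request headers, so a client that logs its own requests should mask them first. The following is an added Python example (not Azuga's code); the function names and the REDACTED mask are assumptions, while the header and parameter names are the ones on this page.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Names taken from the page; compared case-insensitively.
SECRET_HEADERS = {"authorization", "clientapikey", "clientsecret"}
SECRET_PARAMS = {"refreshtoken"}
MASK = "REDACTED"

def redact_url(url):
    """Mask secret query parameters, e.g. refreshToken on the refresh-token URL."""
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def redact_headers(headers):
    """Mask credential headers; keep the Basic/Bearer scheme for debugging."""
    out = {}
    for name, value in headers.items():
        if name.lower() == "authorization":
            scheme, sep, _ = value.partition(" ")
            # Without a "<scheme> <value>" shape, mask the whole header.
            out[name] = f"{scheme} {MASK}" if sep else MASK
        elif name.lower() in SECRET_HEADERS:
            out[name] = MASK
        else:
            out[name] = value
    return out

def loggable_request(method, url, headers):
    """Return a copy of the request that is safe to write to a log."""
    return {"method": method,
            "url": redact_url(url),
            "headers": redact_headers(headers)}
```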
Error Codes
The possible errors you can get are:
| Error code | Description |
|---|---|
| 400 | Invalid Request Body |
| 401 | Unauthorized request |
| 403 | Forbidden |
| 500 | Internal server error |
Error Response
{
"errorMessage": "INVALID-REQUEST",
"generatedAt": 1681072293000,
"description": "Request is not well-formed, syntactically incorrect, or violates schema.",
"errorDetails": [
{
"field": "username",
"description": "Required input parameter is missing or invalid. username should be of a string dataType.",
"code": "AZGAS-001"
},
{
"field": "password",
"description": "Required input parameter is missing or invalid. password should be of a string dataType.",
"code": "AZGAS-004"
}
]
}

{
"errorMessage": "UNAUTHORIZED",
"generatedAt": 1681072293000,
"description": "User is not Authorized. Ensure that the authorization header in your request is included and valid.",
"errorDetails": [
{
"field": "username/password",
"description": "Required input parameter is missing or invalid. Could not find the user account for given userName and password.",
"code": "AZGAS-005"
},
{
"field": "Authorization",
"description": "Invalid Authorization, Authorization header should be 'Basic' Authorization in format 'Basic Base64(username:password)'..",
"code": "AZGAS-008"
}
]
}

{
"errorMessage": "INTERNAL-SERVER-ERROR",
"generatedAt": 1681072293000,
"description": "Service is currently unavailable. Please try again later."
}

{
"generatedAt": 1708676216236,
"errorMessage": "FORBIDDEN",
"description": "You don't have the necessary permissions to perform this action. Please ensure you have the required privileges.\""
}
