The VATify.eu REST API uses the OAuth 2.0 „Client Credentials Flow“ for authentication and authorization. To make API calls, your integration must first obtain a bearer token. Below is an example of this procedure.
The client ID (username) and access key (password) are first concatenated together using a single colon character as separator. The resulting string is then Base64 encoded:
base64_encode("MyClientID:SecretAccessKey") => "TXlDbGllbnRJRDpTZWNyZXRBY2Nlc3NLZXk="
Finally, the client sends a POST request to the REST API's authentication endpoint, providing the Base64-encoded credentials within an „Authorization“ header, as shown here:
Request URL: https://api.vatify.eu/v1/oauth2/token
Request method: POST
Accept: application/json
Content-Type: application/json
Authorization: Basic TXlDbGllbnRJRDpTZWNyZXRBY2Nlc3NLZXk=
{ "grant_type": "client_credentials" }
The process described above is known as „HTTP basic authentication“ — the oldest and most popular type of HTTP authentication.
The VATify.eu API responds with status code 200 and a JSON payload that includes a time-limited bearer token to be used for all other API calls.
Status code: 200 OK
Content-Type: application/json
{ "scope": "vatifyeu_query", "access_token": "QXsVKAUwu3am1ekiNlUni7QPIxqSZ6qhRbay", "token_type": "Bearer", "created_at": "2022-03-02T11:44:30Z", "expires_at": "2022-03-02T15:44:29Z", "expires_in": 14399 }
Once authenticated and in possession of a bearer token, the API client uses the „HTTP bearer authorization“ with all further API calls. Requests sent to the API server will contain a header such as this:
Authorization: Bearer QXsVKAUwu3am1ekiNlUni7QPIxqSZ6qhRbay
The bearer token is time-limited and usually expires 4 hours from the time it was issued. A new token can be requested by repeating the steps above.
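The whole procedure above (build the Basic header, request a token, reuse it until shortly before it expires) as a Python sketch. This is an added example, not VATify.eu's own client code; the function names, the TokenCache class, the HTTPS check and the 60-second refresh margin are assumptions, and SAMPLE_RESPONSE is the sample payload shown on this page.

```python
import base64, json, urllib.request
from datetime import datetime, timedelta, timezone

TOKEN_URL = "https://api.vatify.eu/v1/oauth2/token"  # endpoint given on this page
# Constructed sample: the example response shown on this page.
SAMPLE_RESPONSE = ('{"scope": "vatifyeu_query", "access_token": '
    '"QXsVKAUwu3am1ekiNlUni7QPIxqSZ6qhRbay", "token_type": "Bearer", '
    '"created_at": "2022-03-02T11:44:30Z", "expires_at": "2022-03-02T15:44:29Z", '
    '"expires_in": 14399}')

def basic_header(client_id, access_key):
    # Base64 is a reversible encoding, not encryption: only TLS protects this value.
    raw = f"{client_id}:{access_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def token_request(client_id, access_key, url=TOKEN_URL):
    """Build (without sending) the POST to the authentication endpoint."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    body = json.dumps({"grant_type": "client_credentials"}).encode("utf-8")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Accept": "application/json", "Content-Type": "application/json",
        "Authorization": basic_header(client_id, access_key)})

def parse_token(body):
    """Return (access_token, expiry as aware UTC datetime) from the JSON payload."""
    doc = json.loads(body)
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    expires = datetime.strptime(doc["expires_at"], "%Y-%m-%dT%H:%M:%SZ")
    return doc["access_token"], expires.replace(tzinfo=timezone.utc)

class TokenCache:
    """Reuse the bearer token; request a new one shortly before it expires."""
    def __init__(self, fetch, margin=timedelta(seconds=60)):  # margin: assumption
        self._fetch, self._margin = fetch, margin
        self._token, self._expires = None, None

    def bearer_header(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self._token is None or now >= self._expires - self._margin:
            self._token, self._expires = parse_token(self._fetch())
        return "Bearer " + self._token

def fetch_live(client_id, access_key):
    """Send the token request; use as TokenCache(lambda: fetch_live(cid, key))."""
    with urllib.request.urlopen(token_request(client_id, access_key), timeout=10) as r:
        return r.read()
```

Keep the access key and the issued token out of logs and error messages; both are usable by anyone who can read them until the key is rotated or the token expires.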