Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Table of Contents
stylenone

Changelogs

Version

Date

Changes by

Description of change

V1.0

April 10, 2024

Que Nguyen

  • Initiate document

V1.0.1

May 30, 2024

Que Nguyen

  • Add Rate Limit Description

Release status

Environment

Status

Released Date

Version

DEV

Status
colourGreen
titleReleased

April 10, 2024

V1.0.1

UAT

Status
colourGreen
titleRELEASED

April 17, 2024

V1.0

PROD

Status
colourBlueGreen
titleNOT RELEASED

N/A

N/AMay 15, 2024

V1.0

The Token resource

The primary resource that you will be interacting with when retrieving the authorization token.

AccessToken text

User access token

Token lifetime: https://redex-eco.atlassian.net/wiki/spaces/PAD/pages/286490675/Authentication#Access-Token%3A

RefreshToken text

User refresh token. Using in API “GET Refresh Token”

Token lifetime: https://redex-eco.atlassian.net/wiki/spaces/PAD/pages/286490675/Authentication#Refresh-Token%3A

ExpiresIn int

Token’s expired time in second

TokenType text

Type Identifier: Bearer

Scope text

Collection of scopes granted for this user access token.

Code Block
languagejson
{
  "AccessToken": "{{AccessToken}}",
  "RefreshToken": "{{RefreshToken}}",
  "ExpiresIn": "3600",
  "TokenType": "Bearer",
  "Scope": "REConnect_api REDEX_api REHash_api"
}

API Definitions

Status
colourGreen
titlePOST
/public/v2/connect/token/refresh

Request Header

Content-Type

application/json

Request Payload

RefreshToken (required) text

RefeshToken getting from the response

GrantType (required) text

Grant type: refresh_token

ClientId (required) text

System / App / Platform unique identifier

Max length: 36

ClientSecret (required) text

System / App / Platform secret

Max length: 36

Code Block
curl -X POST 'https://uat-api.redex.eco/public/v2/connect/token/refresh' \
-H 'Content-Type: application/json' \
-D '{
    "RefreshToken": "4d7869f0-71cc-43d8-8b82-1f87db6eda2f",
    "GrantType": "refresh_token",
    "ClientId": "3Yj1rQvcDGYXqXtaxDNyWaNkWPUAwJ",
    "ClientSecret": "fNDq3vGM26wzOqr9OMUXQkxdG5J3$o"
}'

Response

Response Body

Data object

Return Token Resource above

返回上面的Token资源

Errors list of error objects

Please see "Getting Started - #Error Object" for more details

请查看Getting Started - #Error Object以获得更多信息。

Meta null object

Return null object

StatusCode integer

Http Status codes standard. Example 200, 201, 404.

http状态码,如200,201,404

Message text

Response message: Success or error message.

返回成功或错误的信息。

Info

200 Success

Code Block
languagejson
{
    "Data": {
        "AccessToken": {{AccessToken}},
        "RefreshToken": {{RefreshToken}},
        "ExpiresIn": "3600",
        "TokenType": "Bearer",
        "Scope": "REConnect_api REDEX_api REHash_api"
    },
    "Errors": null,
    "StatusCode": 200,
    "Message": "Return tokens successfully",
    "Meta": null
}

Warning

401 Unauthorized

Code Block
languagejson
{
    "Data": null,
    "Errors": [
        {
            "Key": "unsupported_grant_type",
            "Message": "unsupported_grant_type"
        }
    ],
    "StatusCode": 401,
    "Message": "unsupported_grant_type",
    "Meta": null
}

Rate limit

Rate Limit Algorithm: Fixed Window

In fixed window rate limiting, a fixed time window (e.g., one minute, one hour) is used to track the number of requests or actions allowed within that window. Requests exceeding the limit are either rejected or throttled until the window resets.

Rate Limiting Overview

Our API employs rate limiting to ensure fair usage and protect the performance and availability of the service. Combination of Global Policy and Operation Policy

Global Policy

  • Rate Limit: 3000 requests per 5 minute(s)

  • Renewal Period: 300 second(s)

  • Key: IP Address

  • Increment Condition: Any Request

Operation Policy

  • Rate Limit: 10 requests per 1 minute(s)

  • Renewal Period: 60 second(s)

  • Key: RefreshToken the refresh token from request body.

  • Increment Condition: Any Request

Rate Limit Details

  1. Rate Limit by Key:

    1. Key: This ensures that rate limits are applied uniquely for each refresh token.

    2. Request Limit: Each key is allowed to make up to 10 requests per minute

    3. Reset Interval: The limit resets every 60 seconds

  2. Response Headers:

    1. Retry-After: Sent when the rate limit is exceeded, indicating how long to wait before making another request.

Exceeding the Rate Limit

When the rate limit is exceeded, the API will return a 429 Too Many Requests status code. The response will include a Retry-After header specifying the number of seconds to wait before making a new request.

Example Response When Rate Limit is Exceeded
Code Block
languagejson
HTTP/1.1 429 Too Many Requests
Retry-After: 60
Content-Type: application/json

{
    "Data": null,
    "Errors": null,
    "StatusCode": 429,
    "Message": "Rate limit exceeded",
    "Meta": null
}