
Changelogs

| Version | Date | Changes by | Description of change |
|---|---|---|---|
| V1.0 | Mar 29, 2024 | Que Nguyen | Added Table of Contents. Added Changelogs. |
| V1.0.1 | April 10, 2024 | Que Nguyen | Added Release Status table. Updated RefreshToken into Response.Data |
| V1.0.2 | May 30, 2024 | Que Nguyen | Added Rate Limit Description. |

Release Status

| Environment | Status | Released Date | Version |
|---|---|---|---|
| DEV | RELEASED | April 10, 2024 | V1.0.2 |
| UAT | RELEASED | April 17, 2024 | V1.0.1 |
| PROD | RELEASED | Mar 25, 2024 | V1.0 |

The Token resource

The Token resource is the primary resource you interact with when retrieving the authorization token.

AccessToken text

User access token

Token lifetime: https://redex-eco.atlassian.net/wiki/spaces/PAD/pages/286490675/Authentication#Access-Token%3A

RefreshToken text

User refresh token. Used in the "GET Refresh Token" API.

Token lifetime: https://redex-eco.atlassian.net/wiki/spaces/PAD/pages/286490675/Authentication#Refresh-Token%3A

ExpiresIn int

Time until the token expires, in seconds

TokenType text

Type Identifier: Bearer

Scope text

Collection of scopes granted for this user access token.

{
  "AccessToken": "{{AccessToken}}",
  "RefreshToken": "{{RefreshToken}}",
  "ExpiresIn": "3600",
  "TokenType": "Bearer",
  "Scope": "REConnect_api REDEX_api REHash_api"
}

API Definitions

POST /public/v2/connect/token

Request Header

Content-Type

application/json

Request Payload

ApiKey (required) text

API key value associated with a User + Business Account

Max length: 36

GrantType (required) text

Grant type: api_key

ClientId (required) text

System / App / Platform unique identifier

Max length: 36

ClientSecret (required) text

System / App / Platform secret

Max length: 36

curl -X POST 'https://uat-api.redex.eco/public/v2/connect/token' \
-H 'Content-Type: application/json' \
-d '{
    "ApiKey": "4d7869f0-71cc-43d8-8b82-1f87db6eda2f",
    "GrantType": "api_key",
    "ClientId": "3Yj1rQvcDGYXqXtaxDNyWaNkWPUAwJ",
    "ClientSecret": "fNDq3vGM26wzOqr9OMUXQkxdG5J3$o"
}'

Response

Response Body

Data object

Returns the Token resource described above.

Errors list of error objects

Please see "Getting Started - #Error Object" for more details.

Meta null object

Return null object

StatusCode integer

Standard HTTP status code, for example 200, 201, 404.

Message text

Response message: success or error message.

200 Success

{
    "Data": {
        "AccessToken": "{{AccessToken}}",
        "RefreshToken": "{{RefreshToken}}",
        "ExpiresIn": "3600",
        "TokenType": "Bearer",
        "Scope": "REConnect_api REDEX_api REHash_api"
    },
    "Errors": null,
    "StatusCode": 200,
    "Message": "Return tokens successfully",
    "Meta": null
}

401 Unauthorized

{
    "Data": null,
    "Errors": [
        {
            "Key": "unsupported_grant_type",
            "Message": "unsupported_grant_type"
        }
    ],
    "StatusCode": 401,
    "Message": "unsupported_grant_type",
    "Meta": null
}

Rate limit

Rate Limit Algorithm: Fixed Window

In fixed window rate limiting, a fixed time window (e.g., one minute, one hour) is used to track the number of requests or actions allowed within that window. Requests exceeding the limit are either rejected or throttled until the window resets.

Rate Limiting Overview

Our API employs rate limiting to ensure fair usage and protect the performance and availability of the service. Limits are applied as a combination of a Global Policy and an Operation Policy.

Global Policy

  • Rate Limit: 3000 requests per 5 minute(s)

  • Renewal Period: 300 second(s)

  • Key: IP Address

  • Increment Condition: Any Request

Operation Policy

  • Rate Limit: 10 requests per 1 minute(s)

  • Renewal Period: 60 second(s)

  • Key: ApiKey from the request body.

  • Increment Condition: Any Request

Rate Limit Details

  1. Rate Limit by Key:

    1. Key: This ensures that rate limits are applied uniquely for each API Key.

    2. Request Limit: Each key is allowed to make up to 10 requests per minute.

    3. Reset Interval: The limit resets every 60 seconds.

  2. Response Headers:

    1. Retry-After: Sent when the rate limit is exceeded, indicating how long to wait before making another request.

Exceeding the Rate Limit

When the rate limit is exceeded, the API will return a 429 Too Many Requests status code. The response will include a Retry-After header specifying the number of seconds to wait before making a new request.

Example Response When Rate Limit is Exceeded

HTTP/1.1 429 Too Many Requests
Retry-After: 60
Content-Type: application/json

{
    "Data": null,
    "Errors": null,
    "StatusCode": 429,
    "Message": "Rate limit exceeded",
    "Meta": null
}
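
A client-side sketch of how a consumer can stay inside the Operation Policy, added here as an example and not taken from the REDEX code base: it caches the AccessToken until shortly before ExpiresIn elapses and waits for Retry-After on a 429. The `TokenClient` class, the injected `post(url, payload)` transport, the 30-second refresh margin and the sample responses are assumptions constructed for the example.

```python
import json
import time

TOKEN_URL = "https://uat-api.redex.eco/public/v2/connect/token"  # UAT URL from this page

class TokenClient:
    """Hypothetical helper: caches the token and honours 429 Retry-After."""

    def __init__(self, creds, post, clock=time.monotonic, sleep=time.sleep,
                 max_attempts=3, skew=30):
        self.creds, self.post = creds, post  # post(url, payload) -> (status, headers, body)
        self.clock, self.sleep = clock, sleep
        self.max_attempts, self.skew = max_attempts, skew
        self._token, self._expires_at = None, 0.0

    def get_token(self):
        # Reuse the cached token: only 10 token requests per minute are allowed per ApiKey.
        if self._token and self.clock() < self._expires_at:
            return self._token
        payload = dict(self.creds, GrantType="api_key")
        for _ in range(self.max_attempts):
            status, headers, body = self.post(TOKEN_URL, payload)
            envelope = json.loads(body)
            if status == 429:
                # Fixed window: wait for the time the server names (assumed default 60 s).
                self.sleep(int(headers.get("Retry-After", 60)))
                continue
            if status != 200 or not envelope.get("Data"):
                # Report only the error keys, never the payload, which holds ClientSecret.
                keys = [e["Key"] for e in envelope.get("Errors") or []]
                raise PermissionError(f"token request failed ({status}): {keys}")
            data = envelope["Data"]
            # ExpiresIn is typed int but shown as "3600" in the examples; accept both.
            self._expires_at = self.clock() + int(data["ExpiresIn"]) - self.skew
            self._token = data["AccessToken"]
            return self._token
        raise RuntimeError("still rate limited after retries")

def demo():
    # Constructed responses: one 429, then a 200 carrying a made-up token value.
    scripted = iter([
        (429, {"Retry-After": "60"}, '{"Data": null, "Errors": null, "StatusCode": 429}'),
        (200, {}, '{"Data": {"AccessToken": "constructed-token", "ExpiresIn": "3600"}}'),
    ])
    waits = []
    client = TokenClient({"ApiKey": "<api-key>", "ClientId": "<id>", "ClientSecret": "<secret>"},
                         post=lambda url, payload: next(scripted), sleep=waits.append)
    return client.get_token(), client.get_token(), waits

if __name__ == "__main__":
    print(demo())
```

In real use, `post` would wrap an HTTPS client that sends the payload as JSON with the Content-Type header shown above.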