Authentication
Each call to the Logitrail API must include two mandatory authentication headers, unless otherwise specified in the endpoint documentation.
Authentication: Bearer <access token>
X-Logitrail-Merchant-ID: <merchant id>
The <merchant id> is a fixed value for your merchant account. You obtain the <access token> from the token endpoint as described below.
Client Registration
Each client connecting to the Logitrail API must be registered in advance. Logitrail's Customer Service will provide you with a Client ID and Client Secret upon request. The client credentials are confidential.
To register a client, we require the following details:
- One or more technical contact e-mail address(es)
- Name of the client system
- What API operations are expected to be used (see scopes below)
- Whether the client is a test or a production client
Obtain an Access Token
To obtain an access token, a standard OAuth2 Client Credentials flow is used. For security reasons it's recommended to use an existing, well-maintained library or framework to obtain the token.
- The token endpoint is https://idp.logitrail.com/realms/logitrail/token for both test and production systems
- Client ID and Client Secret are provided in the HTTP Basic Authentication Header
- Define the scopes you need to use the token for in the request body in the standard way
- You will get the access token as a response in the access_token parameter
The provided token is valid only for a certain period, maximum 24 hours. The lifetime is provided in the standard expires_in field with the token. Please note in your implementation that the validity period may vary.
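The sketch below is an added example, not Logitrail's own code. It shows the shape of the token request described above and a cache that honors expires_in from each response instead of assuming a fixed lifetime. The scope names, credentials, the 60-second refresh margin and the injectable send/clock parameters are assumptions for illustration; in production the page's advice to use a well-maintained OAuth2 library still applies.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://idp.logitrail.com/realms/logitrail/token"  # from the page


def build_token_request(client_id, client_secret, scopes):
    """Client Credentials request: credentials in HTTP Basic, scopes in the body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)})
    return urllib.request.Request(TOKEN_URL, data=body.encode(), method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def http_send(request):
    """Default transport: POST over TLS and decode the JSON token response."""
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


class TokenCache:
    """Reuses a token until shortly before the server-stated expiry."""

    def __init__(self, client_id, client_secret, scopes,
                 send=http_send, clock=time.monotonic, margin=60):
        # margin (seconds) is a hypothetical safety buffer, not a Logitrail value.
        self._creds = (client_id, client_secret, list(scopes))
        self._send, self._clock, self._margin = send, clock, margin
        self._token, self._refresh_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._refresh_at:
            reply = self._send(build_token_request(*self._creds))
            # Trust expires_in from each response; never hard-code 24 hours.
            lifetime = int(reply["expires_in"])
            self._token = reply["access_token"]
            self._refresh_at = self._clock() + max(0, lifetime - self._margin)
        return self._token
```

Keep the Client Secret out of logs and source control; only the short-lived access token should travel with API calls.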
Token Scopes
Each token can be used only for operations covered by the scopes defined when requesting the token. For security reasons, it's preferred that you request only the minimum scopes, but actual implementation is up to your system architecture and requirements.
All available scopes are listed below. You can find the required scopes for each API operation in the corresponding endpoint documentation. Please note that a client can only request scopes that are allowed for that specific client based on the use case.
Moving from Test to Production
Each client is limited to accessing either the test or the production environment. When you are ready to move to production, please request a new client for the production environment.
Note that the same token endpoint is used for both test and production, while the actual Logitrail API endpoints are different.