Before You Start
Enterprise needs to authenticate itself and receive an authentication token. It will enable it to access the service. Sinch India APIs currently support 2-factor authentication using token based authentication method.
Token based authentication
This method does not require client IPs to be whitelisted at the time of onboarding. In this method, business must use a bearer token, which can be generated using username and password, also known as Password Authentication Method.
- Production endpoint: https://auth.aclwhatsapp.com/realms/ipmessaging/protocol/openid-connect/token
- UAT endpoint: https://apiuat.aclwhatsapp.com/auth/realms/ipmessaging/protocol/openid-connect/token
- Method: Post
Curl Request- (For Production)
curl --location --request POST ' \
https://auth.aclwhatsapp.com/realms/ipmessaging/protocol/openid-connect/token
\
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=ipmessaging-client' \
--data-urlencode 'username=abc' \
--data-urlencode 'password=abc'
Header Values
| Name | Description | Value |
|---|---|---|
| cache-control | Fixed value | no-cache |
| content-type | Fixed value | application/x-www-form urlencoded |
Data Object Values
| Name | Description | Value |
|---|---|---|
| grant_type | Fixed Value | password |
| client_id | Fixed Value | ipmessaging-client |
| username | Value provided by Sinch at the time of onboarding. | user-name |
| password | Value provided by Sinch at the time of onboarding. | password |
The response of the above request is as follows:
Payload
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAi",
"expires_in": 3600,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsIn",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "f2cd48bf-d162-4754-b2c7-bdc9c97064b3",
"scope": "email profile"
}
| Name | Description |
|---|---|
| access_token | Access token value to be used for sending messages. |
| refresh_token | Token that can be used to get a new access token. |
| expires_in | Time span for which access token is valid in seconds. |
| refresh_expires_in | The amount of time, the refresh_token is valid. |
| token_type | It has fixed value Bearer. |
After getting the access token, Businesses can send the messages using the message sending API provided by Sinch.
The Header section will be:
Payload:
--header 'Authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6'
--header 'content-type: application/json'
| Name | Description |
|---|---|
| Authorization | Bearer token - access_token value received from token API. |
| content-type | Fixed value - application/json |