Request access token
Overview
You authenticate in Sitefinity CMS OData RESTful API services by acquiring a bearer token and sending it with all requests to the OData services. This article describes how to authenticate in Sitefinity CMS to interact with protected OData routes with the Default authentication protocol.
Before sending the request to the server, you have to configure Sitefinity CMS advanced settings. Afterwards, you can request a bearer token.
Default authentication protocol settings
- In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
- In the left pane, expand Security.
-
In AccessControlAllowOrigin, enter the URL of your server or app, or enter * for all.
IMPORTANT: Allowing access control to all is considered a security risk.
- Save your changes.
- In the left pane, expand Authentication » OAuthServer.
- Click AuthorizedClients » Create new.
-
Fill out the required fields.
For example, enter the following:
-
In ClientId, enter postman
-
In Secret, enter secret
- Save your changes.
- Restart your Sitefinity CMS instance.
NOTE If you are in load balanced environment, make sure to apply these steps to all necessary nodes.
Request a bearer token with the Default protocol
If you are using Default authentication protocol to authenticate to a RESTful API service, use the following request to obtain a bearer token that you can afterwards in in subsequent requests.
Sample request
POST http://mysite.com/sitefinity/oauth/token
Sample response
Use the bearer token in a request
Once you have obtained the bearer token, you must append it to all requests that require authentication as a request header in the following way:
Authorization: Bearer {{token_value}}