# Technical specification

This technical specification explains the content of the OS OAuth2 API.

{% hint style="info" %}
If you are not familiar with the OS OAuth 2 API please read the [overview documentation](https://docs.os.uk/os-apis/accessing-os-apis/oauth-2-api) before proceeding.
{% endhint %}

## API reference

## Generate access token

<mark style="color:green;">`POST`</mark> `/`

To create an access token, you must send a HTTP POST request to the OS DataHub OAuth 2 token endpoint. The endpoint is secured with HTTP Basic Authentication, where the username is the *Project API Key* and the password is the *Project API Secret*.

**Required HTTP Headers**

| Name          | Value                               | Description                                                                                                                                                                                                                                                                                                                    |
| ------------- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Content-Type  | `application/x-www-form-urlencoded` | The encoded credentials are a base-64 encoded version of a string containing the username (Project API Key), a single `:` and the password (Project API Secret). Once you have the encoded value you should set the value of the Authorization header to 'Basic', a space, and the encoded value, e.g. `Basic <encodedValue>`. |
| Authorization | `Basic <encoded credentials>`       | <p>The request body must be form-encoded.</p><p>Many HTTP frameworks have support for form-encoded messages and will set the content type automatically.</p>                                                                                                                                                                   |

**Body**

| Name         | Value                | Description                                            |
| ------------ | -------------------- | ------------------------------------------------------ |
| `grant_type` | `client_credentials` | The only supported grant\_type is `client_credentials` |

**Response**

The response body is returned as a JSON object with the following properties:

<table><thead><tr><th width="178">Name</th><th width="311">Example Value</th><th>Description</th></tr></thead><tbody><tr><td><code>access_token</code></td><td><br><code>ZclClFcksJlZ19vnJOt09Yj3xme0</code></td><td>The new access token.</td></tr><tr><td><code>expires_in</code></td><td><code>299</code></td><td>The time until the token expires, in seconds.</td></tr><tr><td><code>issued_at</code></td><td><code>1576249823754</code></td><td>The time at which the token was created.</td></tr><tr><td><code>token_type</code></td><td><code>Bearer</code></td><td>The type of the token. This is always <code>Bearer</code>.</td></tr></tbody></table>

{% tabs %}
{% tab title="200" %}

```json
{
  "id": 1,
  "name": "John",
  "age": 30
}
```

{% endtab %}
{% endtabs %}

Once you have generated your access token, you can use it to authenticate your requests to other OS Data Hub APIs.

To use the access token you must include an Authorization header on your API request. The value of the Authorization header should be 'Bearer', a space, and then the access token, for example, `Bearer <`*`accessToken`*`>`.