Direct Integration
Gojek and GoBiz both use OAuth2 method to authenticate the client. Direct Integration API is authenticated using Client Credentials. It is suitable for machine to machine (M2M) authorization.
To complete the authentication process, the client must authorize itself to Gojek OAuth2 server using client credentials. Client credentials contains two parameters client_id and client_secret. This identification of the client is done through client credentials issued by Gojek.
The steps to access protected resources/APIs on GoBiz are given below.
- Get token from token endpoint.
- Use Access Token to access GoBiz API.
Get Token from Token Endpoint
You need to send a request to GoBiz to acquire the access token.
Endpoint = OAUTH_URL/oauth2/token
Header Parameters
| Parameter | Description | Type | Required | Example |
|---|---|---|---|---|
client_id | Unique identifier issued to the client by Gojek. | String | Required | abc |
client_secret | Secret issued to client by Gojek. | String | Required | my_secret |
grant_type | Method to gain the access token. It must be client_credentials. | String | Required | client_credentials |
scope | Scope of access to be associated with the resulting access token. | String | Required | partner:outlet:write |
- If access level is not provided, no scope is granted to the token.
- Refer OAuth 2.0: Section 2.3.1 - Client Password for more information on client credentials. :::
The available scopes are described in the table given below.
| Scope | Scope Description |
|---|---|
partner:outlet:read | To read outlet data. |
partner:outlet:write | To edit or update outlet data. |
gofood:catalog:read | To read GoFood menu. |
gofood:catalog:write | To modify GoFood menu. |
gofood:order:read | To read GoFood order data. |
gofood:order:write | To mark an order is ready. |
promo:food_promo:read | To retrieve GoFood promotions. |
promo:food_promo:write | To modify GoFood promotions. |
payment:transaction:read | To read payment transaction. |
payment:transaction:write | To modify payment transaction. |
payment:pop:read | To read payment PoP data. |
mokapos:library:read | To read mokapos libray data. |
mokapos:transaction:read | To read mokapos transaction data. |
mokapos:reporting:read | To read mokapos reporting data. |
mokapos:customer:read | To read mokapos libray data. |
mokapos:checkout:write | To update mokapos checkout data. |
mokapos:salestype:read | To read mokapos sales type data. |
Response Parameters
| Parameter | Description | Type |
|---|---|---|
access_token | A token that can be used to access the GoBiz API. | String |
expires_in | Approximate remaining lifetime of the token in seconds. | Integer |
token_type | Type of the token returned. Value: Bearer. | String |
scope | Scope granted to the token. | String |
Sample Request
curl -X POST https://integration-goauth.gojekapi.com/oauth2/token \
-u "my_client_id:my_client_secret" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "scope=partner:outlet:read"
Sample Response
{
"access_token": "this_is_the_access_token",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "partner:outlet:read"
}
- Any fields not understood by the client should be ignored.
- It is the responsibility of the client to trigger the above described flow to get a new access token just before
expires_inwindow ends or when a401 - Unauthorizedis received from the resource server. :::
Use Access Token to Access GoBiz API
Access token received in the Get Token from Token Endpoint step can be used to access GoBiz APIs by sending the token in the Authorization header.
For Authorization header example, see Get All Outlets API.