OpenAPI で承認を得る
Overview
OpenAPI is a toolset that simplifies API development by helping you design and document your APIs. AccelByte uses OpenAPI to develop and manage AccelByte Gaming Services (AGS) API endpoints. To get access for invoking the AGS OpenAPI, you'll first need to obtain authorization by creating an access token through the AGS OAuth API.
There are two types of access token in AGS OAuth API:
- User Token: access token granted to a user. Its permission level depends on its assigned user role.
- Client Token: access token granted to a Confidential IAM Client type. Its permission level depends on the permissions assigned to it. Mostly this is used for server-to-server (S2S) calls to admin endpoints in AGS.
To learn more about the difference between User Roles and IAM Clients, see the Authorization section.
This How-to article will walk you on how to create access token either by using the API Explorer or by using Curl for those 2 token types.
User token type
Prerequisites
- You need to prepare an IAM Client, as this OAuth authorization flow requires a Client ID (and a Client Secret if you use Confidential Client type). It's recommended to use the Public Client type.
Create user access token using the API Explorer
Follow the steps below to get authorization using the API Explorer.
-
Go to AGS Token API.
-
Click the Authorize button in the top-right corner of the screen.
-
Under Basic authorization, paste your Client ID into the Username field.
-
If you use Confidential Client type, paste your Client Secret into the Password field. If you use Public Client type, type a random sequence of characters in the Password field and then delete them. Click Authorize.
注記If you use Public Client type, you need to type something into the Password and then delete it before pressing Authorize. Otherwise, OpenAPI will denote the password as undefined rather than an empty string, which will prevent logging in.
-
Click Try it out and then do the following:
- For Grant Type, select password.
- For User Name and Password, enter your AGS Admin Portal username and password.
When you're finished, click Execute. The access token you need will be returned in the server response.
-
Copy the contents of the Response body, starting from
"access_token". This will be a long string, as seen in the image above. -
Click Authorize in the top-right to return to the available authorizations window.
-
In the authorization (apiKey) section, type the word
BEARER, ensuring it's in all capitals, followed by one space. Then, paste your access token and click Authorize. -
Click Close. You can now test the API endpoints.
Create user access token using Curl
If you use Curl, you can also get an access token for OpenAPI using the code below.
curl -X 'POST' \
'<<base_url>>/iam/v3/oauth/token' \
-H 'accept: application/json' \
-H 'authorization: Basic <<client_credential>>' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=password&username=<<username>>&password=<<password>>'
Type the above code into command prompt:
- Replace
<<base_url>>with your base URL. - Replace
<<client_credential>>with your IAM Client in the format ofclient_id:client_secretin base64 encoding. - Replace
<<username>>with your username. - Replace
<<password>>with your password.
When you're finished, press Enter.
User access token response
Here is an example response for a successful user access token request:
{
"access_token": "string",
"bans": [
{
"ban": "string",
"disabledDate": "2022-09-01T03:19:32.816Z",
"enabled": true,
"endDate": "2022-09-01T03:19:32.816Z",
"targetedNamespace": "string"
}
],
"display_name": "string",
"expires_in": 0,
"is_comply": true,
"jflgs": 0,
"namespace": "string",
"namespace_roles": [
{
"namespace": "string",
"roleId": "string"
}
],
"refresh_expires_in": 0,
"refresh_token": "string",
"scope": "string",
"token_type": "string",
"user_id": "string"
}
You can copy the access_token value from the response and paste it into OpenAPI preceded by the word BEARER , as in step 8 in the API Explorer how to section.
Client token type
Prerequisites
- You need to prepare a Confidential IAM Client, as this OAuth authorization flow requires Client ID and Client Secret.
Create client access token using the API Explorer
Follow the steps below to get authorization using the API Explorer.
-
Go to AGS Token API.
-
Click the Authorize button in the top-right corner of the screen.
-
Under Basic authorization, paste your Client ID into the Username field and Client Secret into the Password field.
-
Click Try it out and set Grant Type with client_credentials.
When you're finished, click Execute. The access token you need will be returned in the server response.
-
Copy the contents of the Response body, starting from
"access_token". This will be a long string, as seen in the image above. -
Click Authorize in the top-right to return to the available authorizations window.
-
In the authorization (apiKey) section, type the word
BEARER, ensuring it's in all capitals, followed by one space. Then, paste your access token and click Authorize. -
Click Close. You can now test the API endpoints.
Create client access token using Curl
If you use Curl, you can also get an access token for OpenAPI using the code below.
curl -X 'POST' \
'<<base_url>>/iam/v3/oauth/token' \
-H 'accept: application/json' \
-H 'authorization: Basic <<client_credential>>' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credential'
Type the above code into command prompt:
- Replace
<<base_url>>with your base URL. - Replace
<<client_credential>>with your IAM Client in the format ofclient_id:client_secretin base64 encoding.
When you're finished, press Enter.
Client access token response
Here is an example response for a successful client access token request:
{
"access_token": "string",
"expires_in": 0,
"is_comply": true,
"namespace": "string",
"scope": "string",
"token_type": "string"
}
You can copy the access_token value from the response and paste it into OpenAPI preceded by the word BEARER , as in step 7 in the API Explorer how to section.