Current situation or problem:
The Direct to INN-Reach (D2IR) APIs require a Bearer Auth token for authentication, and the central server must request such a token from FOLIO prior to calling any D2IR API endpoints provided by FOLIO. Regardless of how D2IR integration is implemented in FOLIO, the module(s) will need to provide a facility to issue Bearer Auth tokens to the central server, with these requirements:
- An API Key and Secret, which should be concatenated together with a ":" and then base64-encoded.
- Content-type header: application/x-www-form-urlencoded
Here is an example from the API Documentation (v2.3, pg. 8):
Tokens are valid for 600 seconds. Expired tokens result in a "401 Unauthorized" response.
Note: Endpoints should be versioned (/innreach/v1, /innreach/v2, etc.)
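The credential format, content type, 600-second lifetime and 401-on-expiry rules above, as an added Python example that is not from the D2IR documentation or from any FOLIO module. The function names, the in-memory stores, the hashed-secret storage scheme, the 415 status for a wrong content type, the RFC 6749 style response fields and the sample key/secret are all assumptions constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time

TOKEN_TTL = 600  # seconds, per the requirement above
FORM = "application/x-www-form-urlencoded"
# Constructed sample store: key -> SHA-256 of secret (assumed storage scheme).
CLIENTS = {"sample-key": hashlib.sha256(b"sample-secret").hexdigest()}
TOKENS = {}  # opaque token -> expiry timestamp (assumed in-memory store)

def encode_credential(key, secret):
    """Client side: key and secret joined with ':' and base64-encoded."""
    return base64.b64encode(f"{key}:{secret}".encode()).decode()

def issue_token(credential_b64, content_type, now=None):
    """Server side: return (status, body) for a token request."""
    now = time.time() if now is None else now
    # Assumption: a wrong content type is rejected with 415.
    if content_type.split(";")[0].strip().lower() != FORM:
        return 415, {"error": "unsupported content type"}
    try:
        decoded = base64.b64decode(credential_b64, validate=True).decode("utf-8")
        key, secret = decoded.split(":", 1)
    except ValueError:  # bad base64, bad UTF-8, or no ':' separator
        return 401, {"error": "invalid_client"}
    # Unknown keys are compared against a dummy hash so both paths do the same work.
    expected = CLIENTS.get(key, "0" * 64)
    supplied = hashlib.sha256(secret.encode()).hexdigest()
    if not hmac.compare_digest(expected, supplied) or key not in CLIENTS:
        return 401, {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)  # opaque random token, not derived from the secret
    TOKENS[token] = now + TOKEN_TTL
    # Response field names follow RFC 6749 (assumed; the page does not give the shape).
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": TOKEN_TTL}

def check_bearer(token, now=None):
    """Return 200 for a live token, 401 for an unknown or expired one."""
    now = time.time() if now is None else now
    expiry = TOKENS.get(token)
    if expiry is None or now >= expiry:
        TOKENS.pop(token, None)  # drop expired entries
        return 401
    return 200
```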
API Endpoint to provide OAuth2 Bearer Tokens to a client based on supplied Base64-encoded key/secret pair.
Out of scope
API client for requesting OAuth2 Bearer Tokens from Central Server based on supplied Base64-encoded key/secret pair
- How are key/secret pairs generated, stored, invalidated?
- How do we verify provided tokens?
- How does authorization interact with FOLIO's built-in permissions?