Authentication

OAuth2

OnSched uses OAuth 2.0 for authentication and authorization. Use your client credentials to call OnSched's Identity server in order to to receive a session token, with which you are able to include as a bearer token for all requests to the Consumer or Setup API Interfaces.

Expiration

Session tokens expire after 60 minutes, for security reasons this cannot be changed. A refresh token can be used in order to allow clients to continue to have a valid access token without further interaction with the user.

Headers

When requesting a token, check the following headers to be sure that they are configured as follows:

  • content-type: application/x-www-form-urlencoded
  • grant_type: client_credentials
  • scope: OnSchedApi

Request URL

The request URL will change based on your environment (eg. Sandbox or Production). If you are unsure of the current status of your environment please refer to the client credentials, if you are using a pair of Sandbox credentials they will begin with the word sbox and if you are using a pair of Production credentials the ClientID will begin with the word live, for example:

Sandbox: sbox1234567890
Production: live1234567890

Get a Token

curl --location --request POST 'https://sandbox-identity.onsched.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<<clientId>>' \
--data-urlencode 'client_secret=your_client_secret' \
--data-urlencode 'scope=OnSchedApi' \
--data-urlencode 'grant_type=client_credentials'
const params = {
        client_id:     '<<clientId>>',
        client_secret: 'your_client_secret',
        scope:         'OnSchedApi',
        grant_type:    'client_credentials',
      }
      const tokenURL = 'https://sandbox-identity.onsched.com/connect/token'
      // querystring.stringify(params) will encode the param data
      // in application/x-www-form-urlencoded format, which is required
      // by the Identity Server
      axios.post( tokenURL, querystring.stringify( params ) )
           .then( resp => {
             // return the tokenset
             resolve( resp.data )
           } )
           .catch( error => reject( error ) )
var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://sandbox-identity.onsched.com/connect/token',
  'headers': {'Content-Type': 'application/x-www-form-urlencoded' },
  form: {
    'client_id': '<<clientId>>',
    'client_secret': 'your_client_secret',
    'scope': 'OnSchedApi',
    'grant_type': 'client_credentials'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://sandbox-identity.onsched.com/connect/token",
  "method": "POST",
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded",
    "Accept": "*/*",
    "Cache-Control": "no-cache",
    "Host": "sandbox-identity.onsched.com",
    "Accept-Encoding": "gzip, deflate",
    "Content-Length": "110",
    "Connection": "keep-alive",
    "cache-control": "no-cache"
  },
  "data": {
    "grant_type": "client_credentials",
    "scope": "OnSchedApi",
    "client_id": "<<clientId>>",
    "client_secret": "your_client_secret"
  }
}

$.ajax(settings).done(function (response) {
  console.log(response);
});
package main
import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
)
func main() {
  url := "https://sandbox-identity.onsched.com/connect/token"
  method := "POST"
  payload := strings.NewReader("client_id=<<clientId>>&client_secret=your_client_secret&scope=OnSchedApi&grant_type=client_credentials")
  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)
  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()
  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
require "uri"
require "net/http"
url = URI("https://sandbox-identity.onsched.com/connect/token")
https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials"
response = https.request(request)
puts response.read_body
import http.client
conn = http.client.HTTPSConnection("sandbox-identity.onsched.com")
payload = 'client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
conn.request("POST", "/connect/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
var data = "client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials";
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
  if(this.readyState === 4) {
    console.log(this.responseText);
  }
});
xhr.open("POST", "https://sandbox-identity.onsched.com/connect/token");
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.send(data);
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "client_id=DemoUser&client_secret=DemoUser&scope=OnSchedApi&grant_type=client_credentials");
Request request = new Request.Builder()
  .url("https://sandbox-identity.onsched.com/connect/token")
  .method("POST", body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .build();
Response response = client.newCall(request).execute();
POST /connect/token HTTP/1.1
Host: sandbox-identity.onsched.com
Content-Type: application/x-www-form-urlencoded
Accept: */*
Cache-Control: no-cache
Accept-Encoding: gzip, deflate
Content-Length: 110
Connection: keep-alive
cache-control: no-cache

grant_type=client_credentials&
scope=OnSchedApi&
client_id=DemoUser&
client_secret=DemoUser

What’s Next
Did this page help you?