Dash

Developers


Dash Chassis API Resources

> Authentication Flow

DASH uses OAuth v2 specification for granting developers and third parties access to the Dash Chassis API. The following steps explain in detail the authentication flow needed to retrieve access tokens to invoke Dash Chassis API endpoints.

1. Request authorization

In this step, your application requests an authorization code which can then be exchanged for an access token.

GET https://dash.by/api/auth/authorize
        

Query Parameters

Name

Type

Description


client_id

Required

String

The client id assigned to your application. Dash assigns you a client id when signing up.


scope

Required

String

A space delimited list of scopes that your application needs access to. You can get information on available scopes here.


response_type

Required

String

This value should be always be "code"


state

Optional

String

An opaque string used to protect against forgery attacks.


redirect_uri

Optional

String

If absent, Dash will deliver the authorization code to your primary redirect_uri.
If present, this uri should be either your primary redirect_uri or one of the additional redirect_uris that you provided during signup.


Example request:

GET https://dash.by/api/auth/authorize?response_type=code&client_id=MY_CLIENT_ID&scope=trips&state=xyz
            &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
        

Step 2. Access token request

The authorization endpoint authenticates the user and asks them to grant access to the client application. If the user approves of the access, DASH redirects the user to the client's redirect_uri and attaches the following query parameters:

Example redirect url:

https://myapp.com/code=SplxlOBeZQQYbYS6WxSbIA&state=xyz

Step 3. Exchange the authorization code provided in the redirect url for an access token.

Issue a POST request with the following parameters to receive an access token. The parameters should be sent in JSON format via the request body.

POST https://dash.by/api/auth/token

Request Parameters

Name

Type

Description


client_id

Required

String

The client id of your application. Dash assigns you a client id when signing up.


client_secret

Required

String

The client secret for your application. Dash assigns you a secret key when signing up.


code

Required

String

The authorization code you received with the redirect in Step 1.


grant_type

Required

String

Value should be "authorization_code"


Example request:

POST https://dash.by/api/auth/token
{
    "client_id": "GJK88NjZWQtOWNkZC00ZDg1LWIzOTEtN2ViYmMyM2EyYjQz",
    "client_secret": "wezQ30xIL0HWuLcZu5FY+AnTmFowGGXa",
    "code": "qDhOiYCFxbKq24FRsNnTNLb6FqfP4P8",
    "grant_type": "authorization_code"
} 

Response Parameters

Name

Type

Description


access_token

String

The access token.


token_type

String

The type of access token, will always be 'Bearer'


Example response:


        {
            "access_token": "GcvPqA4YkL0vcrw5a7DwwEDmRum5qeBG1QQH_wjQiCJPaKkaf7uYLCUaq09E2",
            "token_type": "Bearer"
        } 

Step 4. Use this access token to access the Dash Chassis API

Once your application has received an access token, you can make requests to the Dash Chassis API on behalf of a user by attaching the access token to the request header.

Example request:

$ curl -H "Authorization: Bearer GcvPqA4YkL0vcrw5a7DwwEDmRum5qeBG1QQH_wjQiCJPaKkaf7uYLCUaq09E2" "https://dash.by/api/chassis/v1/trips"