An Access Key is issued from Raven via the Slingshot Portal Server to Slingshot customers. A Slingshot portal account is required to request an Access Key. Access Keys are used to grant access to a customer's Slingshot data and are provided to ISV's by Slingshot customers and may be revoked by the Slingshot customer at any time.
AgSync leverages an implementation of the OpenID Connect specification. OpenID Connect is an identity layer on top of the OAuth 2.0 Protocol. See OpenID Connect Documentation for more information about the specification.
Implicit flow is used for authentication with AgSync using the server discovery page, client ID, and client secret. A client ID and secret may be obtained by contacting AgSync support.
After a request is authenticated, an authorization check will be performed using the Access Key that is part of the request. This Access Key will be used to control how much data will be returned to the client based on the account delegation configuration on the Slingshot Portal Server.
This flow is used when the client does not want to create their own login page, but still wants refresh token ability. It is recommended to use this flow as the user only has to login once and the refresh token can be used to retrieve access tokens going forward.
This flow is used when the client does not want to create their own login page, but still wants refresh token ability.
Every request to the production Slingshot API Servers must be encrypted via SSL.
This flow is a combination of the implicit flow and authorization code flow. It is used when the client does not want to create their own login page, but still wants refresh token ability. It is recommended to use this flow because the user only has to login once and then the refresh token can be used to retrieve access tokens going forward.
This flow is a combination of the implicit flow and authorization code flow.
This implicit grant flow can be used by both web-based and native applications.
This flow can be used by both web-based and native applications.
In order to prevent abuse, all calls to the API are subject to a rate limit of 30 calls per every 60 seconds.
If one already has a refresh token and the access token has expired, one will need to get another access token using the refresh token. Call the token endpoint specified in the discovery document and pass the grant type and the token. Doing so will get a new access token.
If one already has a refresh token and the access token has expired, one would need to get another access token using the refresh token. Submit a call to the token endpoint specified in the discovery document and pass the grant type with the token and a new access token will be received.
When specifying the response type, different data may be returned.
Result set paging is supported for some API calls. The number of results returned and the relative starting offset of the result set is controlled by several parameters.
Documentation explaining security features and practices relevant to AgSync API.
Dispatch Pro uses the same authentication process as AgSync.
Documentation regarding details around security when utilizing Slingshot API.
A list of scopes is available at the discovery endpoints listed in Authentication. Further descriptions of AgSync specific supported scopes are listed below:
A list of scopes is available at the discovery endpoints listed in Authentication. Further descriptions of AgSync specific supported scopes are listed below: