API access authorization

Symmetrical implements OAuth 2.0 so that the Client can access the Payroll API without exposing its credentials with each new session.
The Client has to obtain a JWT from the Symmetrical Authentication server using the provided client-id and client-secret.

  1. The Client requests an access token and a refresh token from the Auth server. The request body should contain the client-id and client-secret provided by Symmetrical.
  2. If the credentials are correct, the Auth server responds with an access_token. Note that the access token is valid for a limited time. When the token expires, the Client should refresh the access token.
  3. With a valid access token in the Authorization header, access to the Payroll API is granted.

[Figure: Authentication procedure]

Request example:

Auth server: https://sso.symmetrical.ai/
URL: https://sso.symmetrical.ai/auth/realms/dashboard/protocol/openid-connect/token
Port: 443

CURL - Authentication:

    curl --location --request POST '{{url}}:{{port}}/auth/realms/dashboard/protocol/openid-connect/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode 'client_secret=clientsecret' \
      --data-urlencode 'client_id=clientaccountid'

CURL - Refresh:

    curl --location -g --request POST '{{url}}:{{port}}/auth/realms/payroll/protocol/openid-connect/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      -d "grant_type=refresh_token&client_id=access&refresh_token=<refresh_token>"
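The three-step flow above as a small client-side token cache. This is an added example, not Symmetrical's own code: it renews the token shortly before expiry and falls back to a fresh client-credentials login if the refresh is rejected. Assumptions: the token reply carries the standard OAuth 2.0 fields `expires_in` and `refresh_token`, the Authorization header uses the `Bearer` scheme, and the names `TokenManager`, `http_post_form`, the 30-second skew and the `SYMMETRICAL_*` environment variables are hypothetical.

```python
import json, os, time, urllib.parse, urllib.request

# Token endpoints built from the page's {{url}}:{{port}} template and table values.
AUTH_URL = "https://sso.symmetrical.ai:443/auth/realms/dashboard/protocol/openid-connect/token"
REFRESH_URL = "https://sso.symmetrical.ai:443/auth/realms/payroll/protocol/openid-connect/token"

def http_post_form(url, form):
    """POST a form-encoded body over TLS and return the parsed JSON reply."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Caches the access token in memory and renews it shortly before it expires."""
    def __init__(self, client_id, client_secret, post=http_post_form, clock=time.monotonic, skew=30):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, reply):
        # Assumed standard OAuth 2.0 reply fields: access_token, refresh_token, expires_in.
        self._access = reply["access_token"]
        self._refresh = reply.get("refresh_token")
        self._expires_at = self._clock() + float(reply.get("expires_in", 0))

    def _login(self):
        self._store(self._post(AUTH_URL, {"grant_type": "client_credentials",
                                          "client_id": self._id, "client_secret": self._secret}))

    def auth_header(self):
        """Return the Authorization header, renewing the token when needed."""
        if self._access is None:
            self._login()
        elif self._clock() >= self._expires_at - self._skew:
            try:
                if not self._refresh:
                    raise KeyError("no refresh token")
                self._store(self._post(REFRESH_URL, {"grant_type": "refresh_token",
                                                     "client_id": "access", "refresh_token": self._refresh}))
            except (KeyError, ValueError, OSError):
                self._login()  # refresh missing or rejected: authenticate again
        return {"Authorization": "Bearer " + self._access}

if __name__ == "__main__":
    # Credentials come from the environment, not from source code or shell history.
    tm = TokenManager(os.environ["SYMMETRICAL_CLIENT_ID"], os.environ["SYMMETRICAL_CLIENT_SECRET"])
    print(sorted(tm.auth_header()))  # header names only, so the token is not logged
```

Keeping the client secret in the environment and the tokens only in process memory limits where they can leak; the secret is sent again only when the refresh path fails.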