Authentication
If you haven’t requested or received your accounts to access the Mock Servers or Investigate Open API, follow the steps in the Getting Started section.
Authentication Method
To authenticate a request, a valid JSON Web Token must be provided.
The token is obtained using the Resource Owner Password Credentials (ROPC) grant type. ROPC provides a secure way to initially share credentials with clients in scenarios where an interactive user agent is not available.
In the ROPC grant type, the client captures the user credentials and exchanges them for an access token.
To authenticate against the Mock Server or Investigate Open API, you'll need the following URL-encoded parameters, which will have been provided to you:
Parameter | Value |
---|---|
client_id | 6df72670-6690-11ed-9022-0242ac120002 |
client_secret | 2181866d-56b0-4229-8626-648946323f05-dec5db32-1419-4ceb-932f-2073472f26f1 |
username | investigate-client@organization.com |
password | RVx:c*s8m(3r |
grant_type | password * |
* grant_type must be the actual word "password".
Before first use, make sure you follow the reset password link (an external link to api.auth.gbgplc.com).
Authenticating Requests
Once you have a valid token, you need to send it on every request in the Authorization HTTP header.
Example:
Authorization: Bearer <token>
Troubleshooting
The provided token might not be accepted in certain scenarios. The following table summarizes the most common scenarios and recommended solutions:
Status Code | Body Message | Resolution |
---|---|---|
401 Unauthorized | Jwt is missing | Include a valid token in the Authorization header. |
401 Unauthorized | Jwt is expired | Renew your access token. |
401 Unauthorized | Jwt issuer is not configured | Make sure you are using a token issued by GBG and for the correct environment. |
403 Forbidden | Unauthorized to use Investigate API | Please confirm your configured licence. Contact your account administrator within your organisation or GBG customer services directly. |
403 Forbidden | [Action name] is unauthorized | One or several of the actions that the request is trying to perform are not allowed. This could be a partial status code in case other actions were authorized correctly. Contact your account administrator within your organisation or GBG customer services. |
207 Multi-status | [Action name] is unauthorized | One or several of the actions that the request is trying to perform are not allowed. This could be a partial status code in case other actions were authorized correctly. Contact your account administrator within your organisation or GBG customer services. |
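The following is an added example, not GBG's own code, of a client-side wrapper for the flow above: it builds the URL-encoded ROPC form, renews the token shortly before its `exp` claim, and retries once when the API answers 401 "Jwt is expired". The environment variable names and the injected `fetch_token` and `send` callables are assumptions; `fetch_token` is expected to POST the output of `ropc_form()` to the token endpoint you were given and return the JWT.

```python
import base64, json, os, time
from urllib.parse import urlencode

def ropc_form(env=os.environ):
    """URL-encoded body for the ROPC token request. Secrets are read from the
    environment (variable names are assumptions), never hard-coded in source."""
    return urlencode({
        "client_id": env["GBG_CLIENT_ID"],
        "client_secret": env["GBG_CLIENT_SECRET"],
        "username": env["GBG_USERNAME"],
        "password": env["GBG_PASSWORD"],
        "grant_type": "password",            # must be the literal word "password"
    })

def jwt_exp(token):
    """Return the exp claim of a JWT, or None. The signature is NOT verified:
    this only schedules renewal, the server remains the authority."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    except (IndexError, ValueError, AttributeError):
        return None

class TokenClient:
    def __init__(self, fetch_token, send, skew=30, clock=time.time):
        self.fetch_token, self.send = fetch_token, send
        self.skew, self.clock, self.token = skew, clock, None

    def _fresh(self):
        exp = jwt_exp(self.token) if self.token else None
        if self.token is None or (exp is not None and exp - self.skew <= self.clock()):
            self.token = self.fetch_token()   # renew before the token expires
        return self.token

    def request(self):
        """send(headers) -> (status, body). Retries once on an expired token;
        403 and 207 are returned unchanged because a new token cannot fix them."""
        for attempt in range(2):
            status, body = self.send({"Authorization": "Bearer " + self._fresh()})
            if status == 401 and "Jwt is expired" in body and attempt == 0:
                self.token = None             # force a single renewal, then retry
                continue
            return status, body
```
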