Authorization API

Marra uses the Oauth2 protocol for API authorization. This means that to use the Marra API, your system has to be authorized first. This enhances the security of the Marra ecosystem together with your system, and information.

OAuth2 is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user.

Marra uses the Client Credentials Grant Type which is Used for non-interactive applications e.g., automated processes, microservices, etc. In this case, the application is authenticated per se by using its client id and secret.

For more information on Oauth2, read this guide.

Authorization: Step by Step

• Login/Signup to the Marra dashboard.

• Go to your dashboard "Settings" in the dashboard sidebar menu.

• Copy your Client ID and Client Secret values for use in the authorization API.

• Request authorization token from the server. The endpoint will return a token you can use to access Marra APIs for a certain duration (specified in the response).

Getting an access token

GET https://api.marra.software/oauth/token

Gets an access_token with the expiry time and some other information.

Path Parameters

{
  "access_token": "XXXXX_36PMVXP2XXXXXXYYYYYYZZZZZZZ",
  "expires_in": 7200,
  "scope": "all",
  "token_type": "Bearer"
}

{
    "code": "RESTRICTED",
    "message": "Unauthorized"
}

{
    "code": "SERVER_ERROR",
    "message": "Internal server error"
}

• Now, use the token as a header in all requests sent to Marra API. And be sure to generate a new token after the previous one expires.