If you are using an API in Portal that requires the use of tokens (Client IDs and Client Secrets), this article will explain how to generate it. 

• Creating a Client ID and Client Secret
• Getting an access token

Please note that only "owner" and "admin" users have access to the API Configuration page. It is recommended to create a specific admin user for API interaction. For example on the Shipment Data API it would allow you to customize the shipment viewer profile to match the exact data you want to return, without affecting other users' configuration for UI.

If you are unfamiliar with the user types and roles used in DeliveryHub, we recommend reading this article: Understanding user types and roles.

Our recommendation for all Portal Apis is to use the HTTPS (version TLS 1.2 minimum) in order to function properly and have enhanced security with these products. Support for TLS 1.0 and 1.1 will be deprecated in the future. TLS 1.0 and 1.1 are out-of-date protocols that do not support modern cryptographic algorithms, and they contain security vulnerabilities that may be exploited by attackers.

Creating a Client ID and Client Secret

1. Log into Portal with your owner user.
   
   
2. Click on your name in the top right corner and choose Settings.
   
   
   
   
3. Choose API Configuration > Clients in the left side menu.
   
   
   
   
4. On the Clients page, click the Add button.
   
   
   
   
5. In the dialog box that opens up, fill in Display name and Description. Choose a name and a description that will make it easier to identify the token later on. Check the Enable box to enable the token right away. (You may enable or disble the token any time after it has been created).
   
   
   
   
6. Choose the Allowed Scopes. We recommend always to include OpenId and choose your needed API options. 
   
   
   
   
7. Click Save. Your Client Id and Client Secret will now be generated and displayed on the screen. Important: Note the tokens as Client Secret will not be available after you close the popup.
   
   
   
   
8. Click Save to finish creating the token.
   
   
9. The token will now be listed on the Clients page. You can click on a token any time to edit or delete it or to enable/disable it.  If you have a long list of tokens, you can use the filter option in the top to show only enabled or disabled tokens.
   
   

Getting an access token

Use your Client ID and Client Secret to generate an access token needed for other requests to our API. This is done by making a POST request to the following token endpoint:

https://www.consignorportal.com/idsrv/connect/token

Specify the Client ID, Client Secret and grant type in the language and framework used by your company.

Sample:
POST https://www.consignorportal.com/idsrv/connect/token 
Cache-Control: no-cache
Host: www.consignorportal.com
Content-Type: application/x-www-form-urlencoded

client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials

If the request is valid and the client is configured correctly, you will get back a JSON response:

{
    "access_token": "some-real-token-data-dskjfhsuijkdhfgjkasjdgfhqoeiefoiknsoidfgvoiltgjvpdrofjmwpkldujrftvoifgkhbnilsakjprotglijkqp2owrlfjkvmowrifgho2qw9ouejifpe9rodtuj3-0porfij9odtujgw0etioyh",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Further reading

All our new APIs will support an OpenID solution for enhanced security. For more information, please see the OpenId and IdentityServer standard documentation:

• https://www.identityserver.com/articles/an-introduction-to-the-oauth-device-flow
• https://openid.net/connect/
• http://docs.identityserver.io/en/latest/index.html