Company Authentication
To use the company auth API, a specific user will be provided to you, and you must use the OAuth2 flow to authenticate your API calls.
OAuth2
OAuth2 is a standard for managing API authentication. It consists of an access_token used to perform calls and a refresh_token used to get a fresh access_token. The access_token/id_token and the refresh_token expire, which reduces the impact if a token is stolen.
First-time login
Log in with the credentials provided at this URL:
https://cents-api.auth.eu-west-1.amazoncognito.com/oauth2/authorize?client_id=51jaa1t8nvjsckbqns00p53ii1&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fapi.centsdonations.com%2Fv1%2Fpub%2Fcompany%2Fstart
You’ll see your first tokens. Store them; this is a standard OAuth2 response.
Access to API
Use the id_token to access the API by passing it in the Authorization header, prefixed with the word “Bearer ” (including the trailing space), so: Authorization: Bearer id_token
Refresh Token
To refresh the access_token/id_token, make this call:
curl -X POST \
https://cents-api.auth.eu-west-1.amazoncognito.com/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&client_id=51jaa1t8nvjsckbqns00p53ii1&refresh_token=REFRESH_TOKEN&redirect_uri=https%3A%2F%2Fapi.centsdonations.com%2Fv1%2Fpub%2Fcompany%2Fstart'
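A client normally wraps the refresh call so that the id_token is renewed shortly before it expires and the Authorization header is always built from a valid token. The following is an added example, not code from the original page or from the API provider: the TokenStore class, its method names and the 60-second skew are hypothetical, and it assumes the token endpoint returns standard OAuth2 JSON with id_token and expires_in fields.

```python
import json
import time
import urllib.parse
import urllib.request

# Endpoint, client_id and redirect_uri are the values shown on this page.
TOKEN_URL = "https://cents-api.auth.eu-west-1.amazoncognito.com/oauth2/token"
CLIENT_ID = "51jaa1t8nvjsckbqns00p53ii1"
REDIRECT_URI = "https://api.centsdonations.com/v1/pub/company/start"


class TokenStore:
    """Hypothetical helper: keeps tokens in memory and tracks id_token expiry."""

    def __init__(self, refresh_token, skew=60):
        self.refresh_token = refresh_token
        self.id_token = None
        self.expires_at = 0.0  # epoch seconds; 0 forces a refresh on first use
        self.skew = skew       # refresh this many seconds before expiry

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self.id_token is None or now >= self.expires_at - self.skew

    def refresh_request(self):
        """Build the same POST as the curl call in 'Refresh Token'."""
        body = urllib.parse.urlencode({
            "grant_type": "refresh_token",
            "client_id": CLIENT_ID,
            "refresh_token": self.refresh_token,
            "redirect_uri": REDIRECT_URI,
        }).encode()
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")

    def apply_response(self, raw_json, now=None):
        """Store tokens from a token response (assumed standard OAuth2 JSON)."""
        now = time.time() if now is None else now
        data = json.loads(raw_json)
        if "error" in data or "id_token" not in data:
            # Report only the error code; never put token values in messages or logs.
            raise RuntimeError("refresh failed: %s" % data.get("error", "no id_token"))
        self.id_token = data["id_token"]
        self.expires_at = now + int(data.get("expires_in", 0))
        # Keep the current refresh_token if the response does not carry a new one.
        self.refresh_token = data.get("refresh_token", self.refresh_token)

    def auth_header(self, now=None, send=urllib.request.urlopen):
        """Return the Authorization header, refreshing first if the token is stale."""
        if self.needs_refresh(now):
            with send(self.refresh_request()) as resp:
                self.apply_response(resp.read(), now)
        return {"Authorization": "Bearer " + self.id_token}
```

Create the store with the refresh_token saved at first login and pass the result of auth_header() as the headers of each API request.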