Authorisation
The API is protected by a token-based authentication system. Each access token has a lifespan of 24 hours.
Requests to the API must be sent with an “Authorization” header containing the access token.
Request headers
Header name | Value |
---|---|
Authorization | “Bearer ACCESS-TOKEN-GOES-HERE” |
Generating an access token
To obtain a token, you must POST to the /token API endpoint with three parameters. Each request to the /token API endpoint generates a new unique access token and automatically invalidates any existing access tokens.
Request parameters
Parameter | Description | Validation rules |
---|---|---|
grant_type | The authorisation grant type (For the Days Out Guide API this will always be “password”) | Must always be set to “password” |
username | The API user’s username | |
password | The API user’s password | |
Example request
https://api.daysoutguide.co.uk/token?grant_type=password&username=demoUser&password=LxZsWrGV
Response object fields
Field name | Description | Type |
---|---|---|
access_token | The access token | string |
token_type | The access token type (For the Days Out Guide API this will always be “bearer”) | string |
expires_in | The time in milliseconds until the generated access token expires | int |
Example JSON response
{
"access_token": "mLoY8DEiLcjvv4_kS6diTCIieKJA2Hip3xRruJLj8QgOVhaXHsW3MwD3kEF47ARKnWP8n6Q2C4ISf1Wi0tnQ2FK54N1UXDQBjxp1J6dWqjzLnzhjY7DFc_OSWw09a7cB15orZDc5M5Cv_CF9MuFQ5cHxRWVS7ilMkED5Z83t7FvWJMRrsUK49rhaJuxKBk2XAnGqo7PkG1lUp1oyDldfRNVCIkHUF2JkK97qyVwkuqddfcuUMzIRuBnHqCtWqbLxkjRJ5HF7LaEssph4NllV7b6hE5aNb_u36qlNCAkYGOShB-iVhv_ZSzmCziBS2Pmk4wt5iopTLPxZ3AfG58jkPg",
"token_type": "bearer",
"expires_in": 86399
}
For optimum performance, it is recommended to store a copy of your access token within your application until it expires, as the token generation process is intensive and can be slow.
Handling expired tokens
If you make a request to an API endpoint using an invalid or expired token you can expect the following response from the API:
Invalid token error
{
"message": "Authorization has been denied for this request."
}
In this scenario, it is recommended to attempt to obtain a new token from the API via the /token endpoint and retry the original request. Any further errors experienced after retrying the request should be handled gracefully by your application rather than by continuing to retry the request.
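The caching and single-retry behaviour recommended above, shown as an added example that is not part of the Days Out Guide API or its documentation. `TokenSession`, `FakeApi`, `fetch_token` and `send` are hypothetical names, the fake API is constructed so the code runs offline, and `expires_in` is read in milliseconds as documented above.

```python
import time

DENIED = "Authorization has been denied for this request."  # body text from the page

class TokenSession:
    """Caches one access token; on a denial, refreshes and retries exactly once."""

    def __init__(self, fetch_token, clock=time.monotonic, unit_s=0.001):
        self._fetch = fetch_token  # hypothetical callable: POSTs to /token, returns parsed JSON
        self._clock = clock
        self._unit_s = unit_s      # assumption: expires_in is in milliseconds, as documented
        self._token, self._expires_at = None, 0.0

    def _refresh(self):
        resp = self._fetch()
        if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
            raise RuntimeError("unexpected /token response")
        self._token = resp["access_token"]
        self._expires_at = self._clock() + resp["expires_in"] * self._unit_s

    def headers(self):
        if self._token is None or self._clock() >= self._expires_at:
            self._refresh()
        return {"Authorization": "Bearer " + self._token}

    def call(self, send):
        """send(headers) is a hypothetical transport returning the parsed JSON body."""
        for attempt in (1, 2):
            body = send(self.headers())
            if not (isinstance(body, dict) and body.get("message") == DENIED):
                return body
            if attempt == 1:
                self._refresh()  # cached token was expired or superseded
        raise PermissionError(DENIED)  # second denial: stop retrying, let the caller handle it

class FakeApi:
    """Constructed stand-in for the API: only the most recently issued token is accepted."""

    def __init__(self):
        self.issued = 0

    def token(self):
        self.issued += 1
        return {"access_token": f"tok{self.issued}", "token_type": "bearer", "expires_in": 86399}

    def get(self, headers):
        ok = headers["Authorization"] == f"Bearer tok{self.issued}"
        return {"ok": True} if ok else {"message": DENIED}
```

Because every /token request invalidates earlier tokens, processes that share one API user should also share one cached token rather than each generating their own.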