...
Example REST request
Headers
X-Application: 'your
appApp key'
X-Authentication : 'your session token'
Accept: application/json
Content-Type: application/json
Endpoint
Endpoint
https://api.betfair.com/exchange/account/rest/v1.0/token/
Request
codetitle | Request Body |
---|
{"client_id"="4534","grant_type":"AUTHORIZATION_CODE","code":"-22a1-12151008-000007cb61","client_secret":"bc183d-f5-40dc-82a6-d97681"}
Response
codetitle | Response |
---|
{"access_token":"KeOi+kyg2RvDK4HM+W46CvSnP5w=","refresh_token":"50d76117-7f85-375v-a38f-ffb332713f93","application_subscription":{"vendor_client_id":"456238"},"token_type":"BEARER","expires_in":"14400"}
...
Example Token request - Json-RPC
Headers
...
title | Headers |
---|
X-Application'
...
:
...
'your
...
App
...
key'
...
X-Authentication'
...
:
...
'your
...
session
...
token'
...
Accept:application/json
...
Endpoint
...
Endpoint
https://api.betfair.com/exchange/account/json-rpc/v1
Request
...
title | Request |
---|
{"jsonrpc":
...
"2.0",
...
"method":
...
"AccountAPING/v1.0/token",
...
"params":
...
{"client_id":"CLIENTID","grant_type":"AUTHORIZATION_CODE","code":"CODE","client_secret":"CLIENTSECRET"},
...
"id":
...
1
...
}
OAuth 2 Flow - Using the Refresh Token
When the access token expires, it is possible to create a new one without any user input, using the refresh token. This is done with the same call that was used to create it originally, the token operation, but with a different set of parameters:
Header: 'X-Application' : 'your app key'
Header: 'X-Authentication' : 'your session token'
client_id: your vendor ID, obtained from /wiki/spaces/OL/pages/1671181
grant_type: 'REFRESH_TOKEN'
refresh_token: the refresh token for the user
client_secret: your secret, obtained from/wiki/spaces/OL/pages/1671181
This will return the same information as the original call:
access_token: the access token, used to call Betfair on the user's behalf
token_type: meta data for the access token (see 'Making calls on the user's behalf')
expires_in: how long the access token will be valid for (in seconds)
refresh_token: the refresh token remains the same
application_subscription: contains the vendor client ID, a unique identifier for a user
Example request using REST
...
https:
//api.betfair.com/exchange/account/rest/v1.0/token?client_id=VENDOR_ID&client_secret=VENDOR_SECRET&grant_type=REFRESH_TOKEN&refresh_token=50d76117-7f85-375v -a38f-ffb332713f93
Example response
...
{
"access_token"
:
"KeOi+kyg2RvDK4HM+W46CvSnP5w="
,
"refresh_token"
:
"50d76117-7f85-375v-a38f-ffb332713f93"
,
"application_subscription"
:{
"vendor_client_id"
:
"456238"
},
"token_type"
:
"BEARER"
,
"expires_in"
:
"14400"
}
You can user the 'expires_in' value to determine when the access token will stop being valid. Alternatively, if calls made with the access token start returning an INVALID_SESSION error, it is likely that the token has expired.
Making API Calls On The Users Behalf
...
You will need to populate headers in a different way to a standard API call:
X-Application: your application key
Authorization: token_type + " " + access_token
The Authorization header needs to be a concatenation of the token type and the access token (both returned by the token call), separated by a space.
...
These calls also have to be from back-end to back-end.
User Revocation
The user may choose to revoke the permissions previously granted to your web application. This will invalidate the access token and destroy your refresh token. Any subsequent calls to Betfair using the access token, or any attempt to generate a new one using the refresh token will result in either an INVALID_SESSION exception or UNEXPECTED_ERROR respectively.
Legacy Subscriptions
The way subscriptions are handled for web applications differ greatly from the way they were for desktop based applications. The subscription token model is no longer enforced, however you may still choose to create and manage subscriptions using the existing API calls.
...
The available operations are the following:
getApplicationSubscriptionToken
activateApplicationSubscription
cancelApplicationSubscription
updateApplicationSubscription
listApplicationSubscriptionTokens
getApplicationSubscriptionHistory
If you do use these calls to manage subscriptions, the token call will return information on the most relevant subscription (i.e. the subscription with the latest expiration date) as part of the application_subscription object.
Flow Diagram
Sample Code
Sample code that demonstrates the web apps interaction is available via https://github.com/betfair/sample-web-app-vendor/
...