...
https://mywebsite.com/newjoiner?code=12345
Info: You will need to propagate this code to your back-end, from which you will have to exchange it for an access token. The access token will allow you to use the Betfair API on the user's behalf. To obtain the access token, you will need to call the token operation on the Accounts API.
Example Token
...
Request
The token call takes the following parameters:
...
Warning: To protect sensitive information such as your app key and secret, it is important that the token operation only be called from server to server.
...
...
Headers
X-Application: 'your App key'
X-Authentication: 'your session token'
Accept: application/json
Content-Type: application/json
...
...
Endpoint
https://api.betfair.com/exchange/account/rest/v1.0/token/
...
Request
Request Body {"client_id":"4534","grant_type":"AUTHORIZATION_CODE","code":"-22a1-12151008-000007cb61","client_secret":"bc183d-f5-40dc-82a6-d97681
...
Response
Response {"access_token":"KeOi+kyg2RvDK4HM+W46CvSnP5w=","refresh_token":"50d76117-7f85-375v-a38f-ffb332713f93","application_subscription":{"vendor_client_id":"456238"},"token_type":"BEARER","expires_in":"14400"}
...
Headers
X-Application: 'your App key'
X-Authentication: 'your session token'
Accept: application/json
Content-Type: application/json
Endpoint
https://api.betfair.com/exchange/account/json-rpc/v1
...
Request
{"jsonrpc": "2.0", "method": "AccountAPING/v1.0/token", "params": {"client_id":"CLIENTID","grant_type":"AUTHORIZATION_CODE","code":"CODE","client_secret":"CLIENTSECRET"}, "id": 1 }
OAuth 2 Flow - Using the Refresh Token
When the access token expires, you can create a new one without any user input by using the refresh token. This is done with the same call that was used to create it originally, the token operation, but with a different set of parameters, e.g. grant_type REFRESH_TOKEN.
Header: 'X-Application' : 'your app key'
...
refresh_token: the refresh token for the user
client_secret: your secret, obtained from /wiki/spaces/OL/pages/1671181
This will return the same information as the original call:
access_token: the access token, used to call Betfair on the user's behalf
...
application_subscription: contains the vendor client ID, a unique identifier for a user
https://api.betfair.com/exchange/account/rest/v1.0/token?client_id=VENDOR_ID&client_secret=VENDOR_SECRET&grant_type=REFRESH_TOKEN&refresh_token=50d76117-7f85-375v-a38f-ffb332713f93
...
{"access_token":"KeOi+kyg2RvDK4HM+W46CvSnP5w=","refresh_token":"50d76117-7f85-375v-a38f-ffb332713f93","application_subscription":{"vendor_client_id":"456238"},"token_type":"BEARER","expires_in":"14400"}
...
Tip: You can use the 'expires_in' value to determine when the access token will stop being valid. Alternatively, if calls made with the access token start returning an INVALID_SESSION error, it is likely that the token has expired.
Making API Calls On The User's Behalf
...
The Authorization header needs to be a concatenation of the token type and the access token (both returned by the token call), separated by a space.
Example:
Betfair will use the access token to determine which user the calls are being made for.
...
The user may choose to revoke the permissions previously granted to your web application. This will invalidate the access token and destroy your refresh token. Any subsequent calls to Betfair using the access token, or any attempt to generate a new one using the refresh token, will result in an INVALID_SESSION exception or UNEXPECTED_ERROR respectively.
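As an added example (not Betfair's sample code), the back-end helper below performs the token operation for both grant types described above, derives expiry from expires_in, and builds the Authorization value as token type, space, access token. The names VendorTokens, http_post and demo, the injected transport and clock, the 60-second refresh margin, and sending the same headers on refresh are assumptions; the sample response is the one shown on this page.

```python
import json
import time
import urllib.request
TOKEN_URL = "https://api.betfair.com/exchange/account/rest/v1.0/token/"  # endpoint shown on the page

def http_post(url, headers, body):  # real server-to-server transport; the offline demo replaces it
    req = urllib.request.Request(url, json.dumps(body).encode(), headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class VendorTokens:
    """Back-end holder for one user's tokens; app key and client secret stay server-side."""
    def __init__(self, headers, client_id, client_secret, post=http_post, clock=time.time):
        self._headers, self._post, self._clock = headers, post, clock
        self._client = {"client_id": client_id, "client_secret": client_secret}
        self.refresh_token = self.vendor_client_id = self._auth = None
        self._expires_at = 0.0

    def _grant(self, grant_type, **extra):
        resp = self._post(TOKEN_URL, self._headers, {**self._client, "grant_type": grant_type, **extra})
        self._expires_at = self._clock() + int(resp["expires_in"])  # string of seconds, e.g. "14400"
        self._auth = f'{resp["token_type"]} {resp["access_token"]}'  # type, a space, then the token
        self.refresh_token = resp["refresh_token"]
        self.vendor_client_id = resp["application_subscription"]["vendor_client_id"]

    def exchange_code(self, code):
        self._grant("AUTHORIZATION_CODE", code=code)
    def refresh(self):
        self._grant("REFRESH_TOKEN", refresh_token=self.refresh_token)

    def authorization_header(self, skew=60):
        """Authorization value; refreshes first when expiry is within `skew` seconds (assumed margin)."""
        if self._auth is None:
            raise RuntimeError("call exchange_code() first")
        if self._clock() >= self._expires_at - skew:
            self.refresh()
        return self._auth

def demo():
    """Offline run: a constructed transport replays the page's sample token response."""
    sample = {"access_token": "KeOi+kyg2RvDK4HM+W46CvSnP5w=", "token_type": "BEARER", "expires_in": "14400",
              "refresh_token": "50d76117-7f85-375v-a38f-ffb332713f93",
              "application_subscription": {"vendor_client_id": "456238"}}
    sent, now = [], [1000.0]  # request bodies seen by the fake transport; fake clock
    tokens = VendorTokens({"X-Application": "APP_KEY", "X-Authentication": "SESSION_TOKEN"}, "CLIENTID",
                          "CLIENTSECRET", post=lambda u, h, b: sent.append(b) or sample, clock=lambda: now[0])
    tokens.exchange_code("CODE")
    first = tokens.authorization_header()
    now[0] += 14400  # the access token's lifetime has elapsed
    return first, tokens.authorization_header(), sent
```

Because the client secret is held only inside the server-side object, the browser never needs more than the one-time code from the redirect.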
Legacy Subscriptions
...
The available operations are the following:
- getApplicationSubscriptionToken
- activateApplicationSubscription
- cancelApplicationSubscription
- updateApplicationSubscription
- listApplicationSubscriptionTokens
- getApplicationSubscriptionHistory
If you do use these calls to manage subscriptions, the token call will return information on the most relevant subscription (i.e. the subscription with the latest expiration date) as part of the application_subscription object.
Flow Diagram
Sample Code
Sample code that demonstrates the web apps interaction is available via https://github.com/betfair/sample-web-app-vendor/
...