API Authorization
Access Token
To ensure the security of API calls, HENGSHI API adopts the highest security interaction model in OAuth2: Access Token.
How secure is the Access Token:
First, the Client ID and Client Secret required to apply for the Token must be issued by a user with the system administrator role.
Second, the Token has a validity period, which is 12 hours.
Additionally, if a leak is discovered, the Token can be revoked immediately.
Operation Steps
Open the Settings->Security Management->API Authorization
page to perform CRUD operations on API authorization.
Create Client ID and Client Secret
Select Add Authorization
, enter the authorization name in the popup, and click Confirm to generate the Client ID and Client Secret.
Check Enable Sudo
to allow users to call this user's API as any user within the system.
Select an API authorization, and copy buttons will appear next to clientID and clientSecret. Click to obtain the required clientID and clientSecret.
Get Access Token
See Get Token