Token-based Authentication

Truckstop's REST APIs use two different API calls to get tokens. These calls are the same for both authentication methods: Resource Owner Password for proprietary systems and Authentication Code flow for third-party TMS systems.

  1. Obtain Access/Refresh tokens

This call gets the first set of tokens when you send a username and password (Resource Owner Password grant type) or an Authentication Code (Auth Code grant type). A successful call returns an access token, a refresh token, and the specific product claims that the user is licensed for.

Important Notes

  • The access token is good for 20 minutes with unlimited uses across Truckstop's APIs.
    • This is the token that is used to make the functional API calls (post load, etc.).
  • The refresh token is good for only six months or one single use (whichever comes first) and needs to be stored for the following API call.

  2. Exchange refresh token for new Access/Refresh token pair

This API call is used to get a new set of tokens. Using the refresh token that you have saved, this call will grant you a new access token and refresh token. You should update your token storage with the new set of tokens as the old ones are now invalid.

At this point, the first API call should not be used unless the refresh token has been lost, or you are validating a brand-new user.
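
The token lifecycle described above, as an added example that is not Truckstop's own code: a client-side manager that reuses the access token for its 20 minutes, exchanges the single-use refresh token under a lock, and overwrites the stored pair before returning. `initial_call` and `refresh_call` are hypothetical callables standing in for the two API calls, the `access_token`/`refresh_token` reply field names are assumed, and `FakeTokenEndpoint` is a constructed stand-in so the block runs offline.

```python
import threading
import time

ACCESS_TTL = 20 * 60  # access token lifetime stated on the page, in seconds

class TokenManager:
    """Caches the token pair in `store` and rotates it through call 2."""
    def __init__(self, initial_call, refresh_call, store, clock=time.time, skew=60):
        self._initial, self._refresh = initial_call, refresh_call
        self._store, self._clock, self._skew = store, clock, skew
        self._lock = threading.Lock()  # serialize refreshes: the refresh token is single use

    def access_token(self):
        with self._lock:
            pair = self._store.get("pair")
            if pair and self._clock() < pair["expires_at"] - self._skew:
                return pair["access_token"]
            # Call 2 when a refresh token is stored; call 1 only when nothing is stored.
            reply = self._refresh(pair["refresh_token"]) if pair else self._initial()
            # Overwrite the old pair first: once exchanged, the old tokens are invalid.
            self._store["pair"] = dict(reply, expires_at=self._clock() + ACCESS_TTL)
            return reply["access_token"]

class FakeTokenEndpoint:
    """Constructed stand-in for both calls; rejects a reused refresh token."""
    def __init__(self):
        self.n, self.valid_refresh, self.initial_calls = 0, None, 0

    def _issue(self):
        self.n += 1
        self.valid_refresh = f"refresh-{self.n}"
        return {"access_token": f"access-{self.n}", "refresh_token": self.valid_refresh}

    def initial(self):  # assumed shape of call 1 (credentials omitted)
        self.initial_calls += 1
        return self._issue()

    def refresh(self, token):  # assumed shape of call 2
        if token != self.valid_refresh:
            raise PermissionError("refresh token already used or unknown")
        return self._issue()

def demo():
    now = [0.0]  # controllable clock, in seconds
    ep, store = FakeTokenEndpoint(), {}
    tm = TokenManager(ep.initial, ep.refresh, store, clock=lambda: now[0])
    first, cached = tm.access_token(), tm.access_token()  # call 1, then cache hit
    now[0] += ACCESS_TTL                                  # access token has expired
    rotated = tm.access_token()                           # call 2 rotates the pair
    return first, cached, rotated, store["pair"]["refresh_token"], ep.initial_calls
```

In a real integration `store` would be a persistent, access-controlled mapping shared by every worker that uses the same account, so that a restart or a second process does not replay an already-spent refresh token.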