XOMNI: Experience Omni-Channel

Last Updated: March 10, 2016

This API generates access and identity tokens. You can use access tokens in order to access XOMNI APIs. You can generate identity tokes by specifying PII user information then you can use identity tokens and make operations on XOMNI APIs on behalf of the PII user.

Request

{
   "AppId":"152ea590-9ea0-4a78-8894-e7b8ecdad43d",
   "AppSecret":"dc8f1dcd-be45-4da8-a256-21839a93569337522968-019e-4bd7-becd-6e01285444da",
   "PhysicalDeviceId":"1",
   "Username":"username",
   "Password":"pass",
   "LoyaltyUsername":"loyaltyusername",
   "LoyaltyPassword":"loyaltypassword"
}
HTTP Method Resource URI
POST https://{tenantName}.api.xomni.com/oauth/token

Request Body Description

Parameter Name Description Type Conditions
AppId Unique ID of the oauth application. String
AppSecret Unique secret value of the oauth application. String
PhysicalDeviceId Unique ID of the physical device that requests oauth token. String
UserName Username of the member String
Password Password of the member String
LoyaltyUserName Loyalty user name. String
LoyaltyPassword Loyalty Password String

Request Headers

Header Field Name Description
Content-Type
Content type of the response entity. The value of this header is always application/json.
Accept
Includes minor version header.
Sample: application/vnd.xomni.api-v4-0, */*

Response

{
   "IdentityToken":"152ea5909ea04a788894e7b8ecdad43d",
   "AccessToken":"dc8f1dcdbe454da8a25621839a93569337522968019e4bd7becd6e01285444da",
   "IdentityTokenExpirationDate":"2020-08-14T14:07:54.813",
   "AccessTokenExpirationDate":"2020-08-14T14:07:54.813",
   "Roles":[
      "oauth",
      "publicapi",
      "managementapi",
      "privateapi"
   ]
}

Response Body Description

Parameter Name Description Type
IdentityToken Token that contains PII and member info. You can use this token for PII spesific APIs. String
IdentityTokenExpirationDate Expiration date of the identity token. Date
AccessToken Access token that you can use in order to access XOMNI APIs. String
AccessTokenExpirationDate Expiration date of the access token. Date
Roles Roles of the token. Array

If request contains PII information, response contains identitytoken related fields. Otherwise, response contains only access token fields.

Response Headers

Header Field Name Description
Content-Type
Content type of the response entity. The value of this header is always application/json.

Status Codes

A successful operation returns status code 200 (OK) for POST operations. Possible response status codes are as listed below:

Status Code Description
401 (Unauthorized) OAuth token request is invalid.