To receive access and work with the desired optt project API, you’ll need to obtain a valid access token which grants you a proper authorization for your request. This document describes all the required steps and information you’ll need to know. To begin, you must place this info in the header of all requests:

1- Request URL

https://gateway.optt.ca:8092/gateway/uaa/oauth/token

2- Request Method Type
 POST
3- Input type
 Query Parameter

A complete example of an API call:

https://gateway.optt.ca:8092/gateway/uaa/oauth/token?password=123456&username=institute&grant_type=yourpassword

Api Inputs:

Parameter Name	Parameter Type	Description
username	string	Username of the Requester
Password	string	Requester password
grant_type	string	Always put a password

Sample Response in JSON format:

{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDM2Njk1MDYsInVzZXJfbmFtZSI6Imluc3RpdHV0ZSIsImF1dGhvcml0aWVzIjpbIklOU1RJVFVURSJdLCJqdGkiOiI2NWJhNDFhNy05OThlLTQwZjEtYmUyYS1hMDI2YzYwZWQ3ZGQiLCJjbGllbnRfaWQiOiJvcHR0LTAyZWU3N2RjLWFjNDUtNDM0NC04MTdlLTE3Y2E1MmI1OGI1ZCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.LteUnSohWZOQNs9yTLnASVDdT1w1oZ6rJJYjFmx69x32_wpb7E_d5bsB0OFsBOXXLgSC0KHR2_W9uvETxZXJ_EfEQPtyDn2zpWCLnzyeup4cfNCGw9mQymgbxNuxXAJjFpw1E1s1gs7uWLZOk5aGVOW9qhVYP7LyuVB-AQVFKydJVb0SM6nJoyKWA95N3bysR8rh-q_PWMUU7ZNLSuXUnOBe9BiG0IJK0iN-fohJQdnR8FhA2aEirbdmHvlL2NVx57QyE7Q3QX5_-0DsFWQxuUhqgEsl_Ef3zB2BZUCymugodb-fuhw1fBDO0S_dPdLShz3ghGy1PeL3rUZsWyw5Uw”,
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJpbnN0aXR1dGUiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiYXRpIjoiNjViYTQxYTctOTk4ZS00MGYxLWJlMmEtYTAyNmM2MGVkN2RkIiwiZXhwIjoxNjAzNjY5NTA2LCJhdXRob3JpdGllcyI6WyJJTlNUSVRVVEUiXSwianRpIjoiZjQxNjJkYTUtZDlhMC00NjRkLWE1YTctNjkwNzI1NGRiNjYwIiwiY2xpZW50X2lkIjoib3B0dC0wMmVlNzdkYy1hYzQ1LTQzNDQtODE3ZS0xN2NhNTJiNThiNWQifQ.L3RuCnCBf1WYV1u9ini9VkbASdrZ0kzWBY6s7ybrasWtE1FxdvXJcBW36BSQ4BHYDjU4vzYb8KS0JmV9FeCwVUL7nF2Q5ytlYm6jbVTlTmdBMo7Kbc4xxF4XOG_qOT_tEgPv3jLzlK0XUFq_bZONF4Z_yHqQWZ0oV1aqj4oHv9hEKfnmsRihSgN3QG0twnl52hGPzUoO64CLXmmvg3iSGnZU2Ancit9Lqj4UXiaQGd2DjESngUwokAFzB3SwaUaa9idgDd-CiDA_-TyVV5qtO8toBi4YCfht8_1efwoAqw4TQ7knEEoqAxLPV5s7FPBp_FhOR6pnhkFKEEZolEkDPg",
"expires_in": 35999,
"scope": "read write",
"jti": "65ba41a7-998e-40f1-be2a-a026c60ed7dd"
}

Important Point:
It is better to save the service response in the client cache so that it can then read the token from the cache to call another API and put it in the header in next requests.

Second important point:
If the token mentioned in the service response time elapsed after the token expires, the token is no longer valid for the server.
To retrieve, you can use the API refresh token and receive a new valid token.