OAuth provides client applications with secure delegated access to SkySwitch Telco API resources on behalf of a resource owner. Resource owners authorize clients to access their Telco API resources. OAuth allows access tokens to be issued to clients with the approval of the resource owner. The client then uses the access token to access the protected resources hosted by the Telco API.
Roles
Resource Owner
An entity capable of granting access to a protected resource. In the case of the Telco API, this is any reseller of SkySwitch.
Client
An application making protected resource requests on behalf of the resource owner and with the resource owner's authorization. This could be the SkySwitch-hosted interface for the Telco API, or a customer-developed interface which interacts with the Telco API.
Resource Server
The resource server is the API used to access the resource owner's information. This is the Telco API.
Client ID & Secret
After registering your application with SkySwitch, you will receive a client ID and a client secret, used by the Telco API to authenticate the client. The client ID is considered public information. The client secret must be kept confidential.
Contact the SkySwitch Control Tower to get the client ID and client secret.
Authorization
The first step of OAuth 2 is to get authorization from the user. While the OAuth 2 specification provides several "grant types" for different use cases, the Telco API supports the password grant type.
Resource Owner Password Credentials
The resource owner's credentials (i.e., username and password) can be used directly to obtain an access token. The credentials should only be used when there is a high degree of trust between the resource owner and the client.
Even though this grant type requires direct client access to the resource owner credentials, the credentials are used for a single request and are exchanged for an access token. This grant type eliminates the need for the client to store the resource owner credentials for future use, by exchanging the credentials for a long-lived access token or refresh token.
Scopes
Scopes let the client specify exactly what type of access it needs to the resource owner's account. Scopes limit the access of OAuth tokens. They do not grant any additional permission beyond that which the resource owner already has.
Scope | Description |
---|---|
account | Allows client to interact with the resource owner's accounts. This includes the account associated with the resource owner and any child accounts. |
user | Allows application to manage users. |
catalog | Allows client to view catalog of purchasable phone numbers. |
phone_number | Allows client to manage the resource owner's inventory. This includes purchasing phone numbers from the catalog, adding BYOT phone numbers and disconnecting phone numbers. |
routing | Allows client to manage the routing of the resource owner's phone numbers. This includes routing and unrouting phone numbers. |
e911 | Allows client to manage the e911 services of the resource owner. This includes adding, creating, updating and deleting e911 services for phone numbers. |
billing | Allows client to manage the billing information for the resource owner's account(s). |
lnp | Allows client to manage local number portability requests belonging to the resource owner. This includes creating new requests, as well as reading, supplementing and canceling existing requests. |
back_office | Allows client to perform back office functionality on behalf of the resource owner. This functionality is reserved for SkySwitch staff. |
carrier | Allows application to manage carriers. |
pbx | Allows application to manage PBX. |
entitlement | Allows application to manage entitlements services. |
uc_config | Allows application to manage UC config services. |
messaging | Allows application to manage messaging services. |
report | Allows application to manage reports services. |
branding | Allows application to manage branding services. |
port-in | Allows application to manage port-in services. |
ten_dlc | Allows application to manage 10DLC services. |
tollfree_a2p | Allows application to manage toll-free A2P services. |
Authorization Header
For API calls other than those in this Auth section, the access token must be passed as a bearer token in an Authorization header.
curl -X GET \
  https://api.skyswitch.com/resource \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6Ijc1Njk3N2ViOWQxNDEyM2NhODQwNWNjOGZlZDRmNWEwMzMxODFhODg0YzNhY2EzYTRjYzVmNmQ4OWUxYzFlMThkMDdjNDIzODk5OTcxYTM0In0.eyJhdWQiOiI1IiwianRpIjoiNzU2OTc3ZWI5ZDE0MTIzY2E4NDA1Y2M4ZmVkNGY1YTAzMzE4MWE4ODRjM2FjYTNhNGNjNWY2ZDg5ZTFjMWUxOGQwN2M0MjM4OTk5NzFhMzQiLCJpYXQiOjE1NzE4NDYzNDIsIm5iZiI6MTU3MTg0NjM0MiwiZXhwIjoxNTcxODY3OTQyLCJzdWIiOiI3MTgiLCJzY29wZXMiOlsiKiJdfQ.abS1c36zgy1KHnj2d7Gq-aL3zrNq8D1u1AcF6dXRhwZOaWy2yQEYx_tqGY9O-lb_vpL_OOu9hLcprnTwxIiU6Li6f7TLv3lZsKD2bQMB05ie9CLhFd6CrDNnOt5k-RgM3zRIWrjsbv1uN_B9BHm4zkTza2ee0cXuyrVkRungKyKnxwDQAU-zNTv1Q8PH2eBE_rgNbinOeU5fXxJxk4oYVMbct9ihg-ZMjtlUzIXaZZBifh6fOvwB6eDUO3EG-QMiAb1Cq5XNtGuAtXw_NJO9AbYauVtJm-keCOwBdTbNaAGEwz6RWvlw08BZRWl-GbXSz4TtrM8sPaAqm3-8JkhJUmyURzkDN9dh4G-mtaTThaSMdKvAllVM8NKY4BUgc_dGIhjrY2kYDy7YtW9KymAEEYrJlhk5rCHmEAoh0tjfhmiNuQKdFXaRL2UN8uxE65jVB67gZgZRpBpZYwtL7Zp1DYLIp9m3pwXVVU9sz44cpJa0UTt_CGnITPZn7yffJ4bnUNLn9-U4SzlAmguZtdEpWux3Tzpwmjk_NG7_guAX7Ze-Tel6MHnUflgwQU3eNpZvf95JunsMmC_g2piVN44tJYmdrmqQoj8uCBkybCW34GokrkBEbKMHvQSBv3oEL55SpmydoQQs1cmtfnbV0BSlUytxWrzaqjqSn7lsZMHhr-I'
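
As an added example (not SkySwitch code), this client-side check confirms that an access token carries only the scopes the client needs and is inside its validity window before it is sent as a bearer token. It assumes the token is a JWT whose payload lists scopes in a `scopes` array, which is what the sample token above decodes to, and it treats `*` as unrestricted access; the function names and sample tokens are constructed for illustration.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature. This is a client-side
    sanity check only; the resource server is the party that verifies the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(b64url_decode(parts[1]))

def audit_token(token: str, needed: set, now: float = None) -> list:
    """Return least-privilege and lifetime findings for an access token."""
    now = time.time() if now is None else now
    claims = read_claims(token)
    granted = set(claims.get("scopes", []))  # claim name taken from the page's sample token
    findings = []
    if "*" in granted:  # assumption: "*" means the token is valid for every scope
        findings.append("wildcard scope: token is not limited to any scope")
    extra = granted - needed - {"*"}
    if extra:
        findings.append("unneeded scopes: " + ", ".join(sorted(extra)))
    missing = needed - granted
    if missing and "*" not in granted:
        findings.append("missing scopes: " + ", ".join(sorted(missing)))
    if "exp" in claims and now >= claims["exp"]:
        findings.append("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        findings.append("token not yet valid")
    return findings

def make_sample(claims: dict) -> str:
    # Constructed, unsigned sample token for the demo only (placeholder signature).
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    wide = make_sample({"sub": "718", "nbf": 1571846342, "exp": 1571867942, "scopes": ["*"]})
    tight = make_sample({"sub": "718", "exp": 1571867942, "scopes": ["catalog", "billing"]})
    for tok in (wide, tight):
        print(audit_token(tok, needed={"catalog"}, now=1571850000))
```

A client that only browses the catalog should request the `catalog` scope alone, so a finding from `audit_token` means the token is broader than the integration requires.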