In this blog, we are going to discuss the things you need to know first on how to use the Telstra API. We will show you how to generate the Authentication token, how to retrieve the API client key and secret, etc.
This tutorial aims to help you with:
- Set up your TelstraDev API environment
- Obtaining Client key and Client Secret
- Generate Access Token
Setting up TelstraDev API environment in Postman
Postman is an API client that makes it easy for developers to create, test and document APIs. You can download Postman here.
After Postman was successfully installed, we can now import the collection to Postman by copying and pasting this link:
There we have it. API endpoints are now listed in the sidebar. Before we proceed with generating our access token, let’s create an environment first.
Steps in creating a Postman environment:
- Click the environment options (Gear Icon) and select manage environments.
- Click Add.
- Name your environment. In this tutorial, just name it Telstra.
- Under the key field, type “host” and “tapi.telstra.com” as the value.
- Save the environment by clicking Add.
Obtaining Client Key and Secret
Client Key is the public Identifier for your application. On the other hand, Client Secret is the secret key known only to the application and authorization server.
Client key and client secret are essential to access the API. Here are the steps you need to follow in order to acquire your API client key and client secret.
- Log in to Telstra dev portal. https://dev.telstra.com. If you don't have an account, you can register for free.
- Once you have logged in to TelstraDev Portal, select the Develop in Menu, and then select My apps & keys.
- By default, the Free Trial APIs app is already created on your account. You can use the default API Client Key and Secret that comes with this app or you can also create your own app. To find out which APIs are accessible with a free account, check out our pricing and plans page https://dev.telstra.com/pricing-plan.
Please take note that you don’t necessarily need to create multiple apps. However, if you want to track your API usage for different TelstraDev API (Messaging, Connected Thing, etc), creating multiple apps will help you as it will track the API usage per application.
- Click the drop-down arrow on the application, then click on the key tab. Your Client Key and Client secret will now be shown. Do not share your Client Key or Secret to anyone.
- Client key and Client secret are required parameter in OAuth2 authentication. You can refer to this link for more information on OAuth2 authentication https://oauth.net/2/
- Once the client key and secret are secured, you can now access our APIs.
Generate Access Token
The access token is used in token-based authentication to allow an application to access an API. The application receives an Access Token after a user successfully authenticates and authorizes access, then passes the Access Token as a credential when it calls the target API. The passed token informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that was granted during authorization.
TelstraDev API uses OAuth2 for its authentication. OAuth2 is the preferred method of authenticating access to the API. OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application.
Here are the steps in Generating Access Token using OAuth2 in TelstraDev API.
Browse your collection and under OAuth folder select “Generate OAuth token” and it will open a new tab. To generate an access token, we will be passing four parameters. You can find your client_id and client_secret via My Apps & Keys.
client_id: //your client ID *required client_secret: //your client secret *required grant_type: client_credentials *required scope: NSMS
Here’s a sample body for requesting an access token.
Once you have provided the correct values for each parameter, click send. You will get the response containing your access token. Note that the token is valid for an hour.
Notice under your environment settings, the access token was added automatically.
If you have further questions, please email us at email@example.com.