The customer API provides functionality for simple account and session management. Most of the resources in this API require application authentication and/or an active accesstoken.
Enabling a customer to log in via your app requires a 2-step process;
1. First, the customer must authorise your app to use their account. You can initiate this process by sending them to
https://sandbox-api.ladbrokes/com/forms/authorise-client along with the appropriate query parameters (see section 2.1 in Developer Manual). If the customer successfully authenticates themself and chooses to grant privileges to your app, we will return a token back to your application.
a. In the case of the Authorisation Code grant type, this will be an Authorisation Code. Go to step 2.
b. In the case of the Implicit Grant type, this will be an access-token. You can now use this token whenever you need to provide a Bearer token in the
Authorisation header. Skip step 2
2. You can now send the Authorisation Code to the OAuth2 Token Endpoint (section 6.4 Developer Manual), and in return you will get an Access-Token.
a. You can now use this token whenever you need to provide a Bearer token in the Authorisation header.
b. You may also receive a ‘refresh_token’ in the response. You can use this instead of an authorisation code to automatically start a new session without having to go through step 1 again. The lifetime of the refresh token is specified by the customer, and it can be revoked at any time.