Logo
Authentication  

Authentication

Before your client can call any api resources, your client need to be authenticated.

1. Introduction

88GO System using Standard OAuth 2.0 protocol for authentication
Name Value
Protocol OAuth 2.0
Token Endpoint https://accounts.88go.vn/connect/token
Api Gateway for development https://sandbox.88go.vn
Api Gateway for production https://api.88go.vn
Grant Type client_credentials
Client Id View in your client in My Clients. If you don't have any clients, you can create once.
Client Secret View in your client in My Clients. If you don't have any clients, you can create once.
Allowed Scopes tours:read tours:write

2. Get Access Token

Follow OAuth 2.0 Standard, you can use any HttpClient or OAuthClient depend on you programming language. We use some simple code to get started

POST /connect/token HTTP/1.1
Host: accounts.88go.vn
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>


curl --location --request POST 'https://accounts.88go.vn/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>'


var client = new RestClient("https://accounts.88go.vn/connect/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Cookie", "__cfduid=d8c0092fbdb717f694850a371e81420f61589938759");
request.AddParameter("grant_type", "client_credentials");
request.AddParameter("client_id", "<client_id>");
request.AddParameter("client_secret", "<client_secret>");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);


OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "grant_type=client_credentials&client_id=%26lt;client_id%26gt;&client_secret=%26lt;client_secret%26gt;");
Request request = new Request.Builder()
.url("https://accounts.88go.vn/connect/token")
.method("POST", body)
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.build();
Response response = client.newCall(request).execute();

Sample response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNkMyRDI5NEU4NjVBNzlDNzQ4MDIzOEQzNjJFNkNFMjNGRTQ5RTUiLCJ0eXAiOiJhdCtqd3QiLCJ4NXQiOiJXbXd0S1U2R1dubkhTQUk0MDJMbXppUC1TZVUifQ.eyJuYmYiOjE1ODk5Mzg2NDEsImV4cCI6MTU4OTk0MjI0MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy1zdGcuODhnby52biIsImF1ZCI6InRvdXJzIiwiY2xpZW50X2lkIjoiMTBiZWQ3NTktODBmMi00NjE2LWE3MWMtZDFjMTVkMTcwNzAxIiwic2NvcGUiOlsidG91cnM6cmVhZCIsInRvdXJzOndyaXRlIl19.iMAUoCdWGJuzy1eb1N0v4OYmneu18JOHPJk7aWiAvmGQkeA3qjycvIX90pRniIldG9Zl4KCyWUADCHPWamcJf3yRBB1fTJDFrbXtpIJrv0N8l5CG932WSmWf42VzvRIMLnAw5qaS7uSku_MmkWWPe9N4wvCkIX06SIP7f2H7vFMZNNHAmG6U6sIYr3w9tTEvKm2K_2g9K7VJFQ1EZOiMO0_yDFkvK6TmTedGlYjpxWnbGZ3C2faOR9D5fyWoiGJFBFunJ4eaMV6q-h9WEva4KSM_cXucYgS_mG8p16AGKEPaQxomX_fm8QDaWzeL-cc1hdjWrNLPoQihJLBd9vBchg",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "tours:read tours:write"
}

You persist the access_token and add to header parameter when you call api Authorization: Bearer <access_token>
Note: The access_token has lifetime in 1 hour, then you need to refresh token. Most of the OAuth 2.0 client libraries is supportted auto renew access token.

3. Call api

When you have the access_token you can call any 88GO public api. Make sure you keep your client_secret and access_token in secret.

GET /api/services HTTP/1.1
Host: sandbox.88go.vn
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNkMyRDI5NEU4NjVBNzlDNzQ4MDIzOEQzNjJFNkNFMjNGRTQ5RTUiLCJ0eXAiOiJhdCtqd3QiLCJ4NXQiOiJXbXd0S1U2R1dubkhTQUk0MDJMbXppUC1TZVUifQ.eyJuYmYiOjE1ODk5Mzg2NDEsImV4cCI6MTU4OTk0MjI0MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy1zdGcuODhnby52biIsImF1ZCI6InRvdXJzIiwiY2xpZW50X2lkIjoiMTBiZWQ3NTktODBmMi00NjE2LWE3MWMtZDFjMTVkMTcwNzAxIiwic2NvcGUiOlsidG91cnM6cmVhZCIsInRvdXJzOndyaXRlIl19.iMAUoCdWGJuzy1eb1N0v4OYmneu18JOHPJk7aWiAvmGQkeA3qjycvIX90pRniIldG9Zl4KCyWUADCHPWamcJf3yRBB1fTJDFrbXtpIJrv0N8l5CG932WSmWf42VzvRIMLnAw5qaS7uSku_MmkWWPe9N4wvCkIX06SIP7f2H7vFMZNNHAmG6U6sIYr3w9tTEvKm2K_2g9K7VJFQ1EZOiMO0_yDFkvK6TmTedGlYjpxWnbGZ3C2faOR9D5fyWoiGJFBFunJ4eaMV6q-h9WEva4KSM_cXucYgS_mG8p16AGKEPaQxomX_fm8QDaWzeL-cc1hdjWrNLPoQihJLBd9vBchg


curl --location --request GET 'https://sandbox.88go.vn/api/services' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNkMyRDI5NEU4NjVBNzlDNzQ4MDIzOEQzNjJFNkNFMjNGRTQ5RTUiLCJ0eXAiOiJhdCtqd3QiLCJ4NXQiOiJXbXd0S1U2R1dubkhTQUk0MDJMbXppUC1TZVUifQ.eyJuYmYiOjE1ODk5Mzg2NDEsImV4cCI6MTU4OTk0MjI0MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy1zdGcuODhnby52biIsImF1ZCI6InRvdXJzIiwiY2xpZW50X2lkIjoiMTBiZWQ3NTktODBmMi00NjE2LWE3MWMtZDFjMTVkMTcwNzAxIiwic2NvcGUiOlsidG91cnM6cmVhZCIsInRvdXJzOndyaXRlIl19.iMAUoCdWGJuzy1eb1N0v4OYmneu18JOHPJk7aWiAvmGQkeA3qjycvIX90pRniIldG9Zl4KCyWUADCHPWamcJf3yRBB1fTJDFrbXtpIJrv0N8l5CG932WSmWf42VzvRIMLnAw5qaS7uSku_MmkWWPe9N4wvCkIX06SIP7f2H7vFMZNNHAmG6U6sIYr3w9tTEvKm2K_2g9K7VJFQ1EZOiMO0_yDFkvK6TmTedGlYjpxWnbGZ3C2faOR9D5fyWoiGJFBFunJ4eaMV6q-h9WEva4KSM_cXucYgS_mG8p16AGKEPaQxomX_fm8QDaWzeL-cc1hdjWrNLPoQihJLBd9vBchg'


var client = new RestClient("https://sandbox.88go.vn/api/services");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNkMyRDI5NEU4NjVBNzlDNzQ4MDIzOEQzNjJFNkNFMjNGRTQ5RTUiLCJ0eXAiOiJhdCtqd3QiLCJ4NXQiOiJXbXd0S1U2R1dubkhTQUk0MDJMbXppUC1TZVUifQ.eyJuYmYiOjE1ODk5Mzg2NDEsImV4cCI6MTU4OTk0MjI0MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy1zdGcuODhnby52biIsImF1ZCI6InRvdXJzIiwiY2xpZW50X2lkIjoiMTBiZWQ3NTktODBmMi00NjE2LWE3MWMtZDFjMTVkMTcwNzAxIiwic2NvcGUiOlsidG91cnM6cmVhZCIsInRvdXJzOndyaXRlIl19.iMAUoCdWGJuzy1eb1N0v4OYmneu18JOHPJk7aWiAvmGQkeA3qjycvIX90pRniIldG9Zl4KCyWUADCHPWamcJf3yRBB1fTJDFrbXtpIJrv0N8l5CG932WSmWf42VzvRIMLnAw5qaS7uSku_MmkWWPe9N4wvCkIX06SIP7f2H7vFMZNNHAmG6U6sIYr3w9tTEvKm2K_2g9K7VJFQ1EZOiMO0_yDFkvK6TmTedGlYjpxWnbGZ3C2faOR9D5fyWoiGJFBFunJ4eaMV6q-h9WEva4KSM_cXucYgS_mG8p16AGKEPaQxomX_fm8QDaWzeL-cc1hdjWrNLPoQihJLBd9vBchg");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);


OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://sandbox.88go.vn/api/services")
.method("GET", null)
.addHeader("Authorization", "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNkMyRDI5NEU4NjVBNzlDNzQ4MDIzOEQzNjJFNkNFMjNGRTQ5RTUiLCJ0eXAiOiJhdCtqd3QiLCJ4NXQiOiJXbXd0S1U2R1dubkhTQUk0MDJMbXppUC1TZVUifQ.eyJuYmYiOjE1ODk5Mzg2NDEsImV4cCI6MTU4OTk0MjI0MSwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy1zdGcuODhnby52biIsImF1ZCI6InRvdXJzIiwiY2xpZW50X2lkIjoiMTBiZWQ3NTktODBmMi00NjE2LWE3MWMtZDFjMTVkMTcwNzAxIiwic2NvcGUiOlsidG91cnM6cmVhZCIsInRvdXJzOndyaXRlIl19.iMAUoCdWGJuzy1eb1N0v4OYmneu18JOHPJk7aWiAvmGQkeA3qjycvIX90pRniIldG9Zl4KCyWUADCHPWamcJf3yRBB1fTJDFrbXtpIJrv0N8l5CG932WSmWf42VzvRIMLnAw5qaS7uSku_MmkWWPe9N4wvCkIX06SIP7f2H7vFMZNNHAmG6U6sIYr3w9tTEvKm2K_2g9K7VJFQ1EZOiMO0_yDFkvK6TmTedGlYjpxWnbGZ3C2faOR9D5fyWoiGJFBFunJ4eaMV6q-h9WEva4KSM_cXucYgS_mG8p16AGKEPaQxomX_fm8QDaWzeL-cc1hdjWrNLPoQihJLBd9vBchg")
.build();
Response response = client.newCall(request).execute();

Sample response

[
    {
        "id": 1,
        "name": "Xe sân bay",
        "description": "xe sân bay",
        "image_url": "http://d1tk9xiz5drrcz.cloudfront.net/carthree.png",
        "options": [
            {
                "id": 1,
                "name": "Đi Cao Tốc",
                "description": "Đi Cao Tốc"
            }
        ],
        "supported_cities": [
            "Lào Cai",
            "Yên Bái",
            "Điện Biên",
            "Hòa Bình",
            "Lai Châu",
            "Sơn La",
            "Bắc Giang",
            "Hà Giang",
            "Cao Bằng",
            "Bắc Kạn",
            "Bắc Cạn",
            "Phú Thọ",
            "Quảng Ninh",
            "Hà Nội",
            "Hải Phòng",
            "Bắc Ninh",
            "Hà Nam",
            "Hải Dương",
            "Hưng Yên",
            "Thái Nguyên",
            "Nam Định",
            "Ninh Bình",
            "Thái Bình",
            "Vĩnh Phúc",
            "Thanh Hoá",
            "Nghệ An",
            "Hà Tĩnh",
            "Quảng Bình",
            "Quảng Trị",
            "Thừa Thiên Huế",
            "Lạng Sơn",
            "Tuyên Quang"
        ]
    }
]

Note: When your application has been approved to run in production. You change the api base url from https://sandbox.88go.vn to https://api.88go.vn
Please visit API Reference to view all api specification.