Authentication API
Modified on: 2025-11-26 14:36
We use various technologies and processes to secure the information stored on the DerbySoft servers. Data encryption, access limitation to system components and customer credit data, necessary tracking, and monitoring are used to ensure security. Based on AWS services, DerbySoft builds an isolated data environment that fully complies with PCI (Payment Card Industry) security compliance requirements, which can effectively reduce the risk of data theft, identity fraud, and unauthorized transactions.
This document is provided for reference only, as an example of how DerbySoft stays aware of and keeps up with such practices in the industry.
To connect to the DerbySoft Ticket APIs, you must authenticate through AuthZ with a client credential that consists of a Client ID and a Client Secret.
Credentials Generation Flow

AuthZ URLs by Environment:
UAT Environment:
https://ticket-distributor-public.derbysoft-test.com/ticket-distributor-authorizer/token
Production Environment:
The URLs will be provided via email.
REQUEST
Request Header
| Level | Field Name | Data Type | Required | Description | Example |
|---|---|---|---|---|---|
| 1 | Authorization* | String | Y | Base64 encoded client credential here | Basic base64(client_id:client_secret) |
| 1 | Content-Type* | String | Y | Must be form URL encoded | application/x-www-form-urlencoded |
Request Body (Form URL Encoded)
| Level | Field Name | Data Type | Required | Description | Example |
|---|---|---|---|---|---|
| 1 | grant_type* | String | Y | Must be client_credentials | client_credentials |
Request Example
POST https://ticket-distributor-public.derbysoft-test.com/ticket-distributor-authorizer/token
RESPONSE
Response schema
| Level | Field Name | Data Type | Required | Description | Example |
|---|---|---|---|---|---|
| 1 | access_token* | string | Y | | |
| 1 | scope | string | N | All by default | shop.all reservation.all product.all livecheck.all |
| 1 | token_type* | string | Y | Bearer | |
| 1 | expires_in* | string | Y | 28800 | |
Response Example
{
"access_token": "***Token Here***",
"scope": "shop.all reservation.all product.all livecheck.all",
"token_type": "Bearer",
"expires_in": 28800
}
Note: The “authorization” value is made up of “Bearer” and the “access_token”. When you call a specific API, add “Bearer” followed by a single space “ ” as the prefix of the “access_token”. For example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJURVNUIiwiYXVkIjoiVEVTVCIsIm5iZiI6MTc1NTIyNTA5MSwic2NvcGUiOlsic2hvcC5hbGwiLCJyZXNlcnZhdGlvbi5hbGwiLCJwcm9kdWN0LmFsbCIsImxpdmVjaGVjay5hbGwiXSwiaXNzIjoiaHR0cHM6Ly93d3cuZGVyYnlzb2Z0LmNvbSIsImV4cCI6MTc1NTI1Mzg5MSwiaWF0IjoxNzU1MjI1MDkxLCJqdGkiOiIwMWU0YzZhZi1iYTk2LTQxOWQtYWNlMy00MTcyNThmYjQ3YjciLCJkaXMiOiJURVNUIn0.hJRqIvPySbtlYLz4u6vtc5Vx_1Uz3hdrkabRU4dwoQfcUAmoRheN85vtqHE5J7L3uk-risfZCymrtRkJJu--JvgEm8Clj-jQuVqVys3S1f3zkzJVoBH6W1LhUxrRsB-9l6tya-tOJAzxMqtlX1ZeY1EgLKibTT3ZE-rKs20V2VzgyWKrr82iUG2hLfANdpFE9z2BAfUE9KcfbGbMg8MqhjVinHa4oFjXY7xw-QsTLq8WccXD6VFY_cIB98EJJ6bTJy6HPUFRQhNaEBo7SpW8LAZ8r6IfD-O0a1tYcJ6ULFsc9sBc0VZ8xhDb2pKZTqezviOf9T288UQIAJapQRMRaA
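The token request and the Bearer header described above, as an added Python example (not DerbySoft's code): it builds the client-credentials POST from the request tables and caches the token so it is reused until shortly before `expires_in` elapses. The names `build_token_request`, `fetch_from_network` and `TokenCache`, the 60-second refresh margin and the 10-second timeout are assumptions of this example.

```python
import base64, json, time
import urllib.parse, urllib.request

# UAT token URL from this page; production URLs are issued by e-mail.
TOKEN_URL = ("https://ticket-distributor-public.derbysoft-test.com"
             "/ticket-distributor-authorizer/token")

def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build (without sending) the POST described in the request tables."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })

def fetch_from_network(client_id, client_secret):
    """Send the request; returns the raw JSON body. Never log the secret."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

class TokenCache:
    """Reuses one access token until shortly before expires_in elapses."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def store(self, raw_json):
        doc = json.loads(raw_json)
        if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
            raise ValueError("unexpected token response")
        # int() accepts both "28800" (schema says string) and 28800 (example).
        self._expires_at = self._clock() + int(doc["expires_in"]) - self._skew
        self._token = doc["access_token"]

    def authorization_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            self.store(self._fetch())
        return {"Authorization": f"Bearer {self._token}"}
```

In use, construct `TokenCache(lambda: fetch_from_network(client_id, client_secret))` with the credentials read from a secret store or environment variable rather than source code, and merge `authorization_header()` into each API call's headers.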