Authorisation is required before data can be accessed via the TWeb Public API. To authorise, a client requests an Access Token by submitting its Client ID and Client Secret to the authorisation endpoint. Depending on the parameters specified by the client, the Access Token is returned via:
- the response body, or
- an HTTP cookie.
The Access Token expires 30 minutes after it is issued, after which the client must authorise again.
Request
The authorisation endpoint depends on the server your company uses to log in to TWeb:
T-WEB Server | T-WEB Login URL | API Endpoint |
www | https://www.tweb.com.au/v2/ | https://publicapi.tweb.com.au/v1/Authorise |
www2 | https://www2.tweb.com.au/v2/ | https://publicapi2.tweb.com.au/v1/Authorise |
gt | https://gt.tweb.ttfuel.com/v2/ | https://publicapi.gt.tweb.ttfuel.com/v1/Authorise |
uae | https://uae.tweb.ttfuel.com/v2/ | https://publicapi.uae.tweb.ttfuel.com/v1/Authorise |
The endpoint only accepts HTTP POST requests. The following POST parameters must be included with the request:
- clientID
- clientSecret
- tokenStorageMedium
The Client ID and Client Secret will be given to you by Transponder Technologies. These are securely generated random strings. The Client ID has the following validation rule specifications:
Rule | Specification |
Minimum length | 16 characters |
Maximum length | 40 characters |
And the Client Secret has the following validation rule specifications:
Rule | Specification |
Minimum length | 16 characters |
The Token Storage Medium parameter accepts the values: body or cookie.
The following POST parameter may optionally be included with the request:
- targetID
The Target ID can be used to link a request with its response, if necessary. When supplied it is always returned in the response. It has the following validation rule specifications:
Rule | Specification |
Maximum length | 100 characters |
Allowable characters | /[0-9a-zA-Z_]*/ |
Request Examples
A request that returns the Access Token as a cookie and stores it in cookiejar.txt:
curl -c cookiejar.txt -isX POST -d "clientID=example123456789&clientSecret=example123456789&tokenStorageMedium=cookie&targetID=abc123" https://publicapi.tweb.com.au/v1/Authorise
A request that returns the Access Token in the response body:
curl -sX POST -d "clientID=example123456789&clientSecret=example123456789&tokenStorageMedium=body&targetID=abc123" https://publicapi.tweb.com.au/v1/Authorise
Response
The response from the authorisation endpoint has the following JSON format:
{
  "Data": {
    "Items": [
      {
        "AccessToken": "0123456789ABCDEF0123456789ABCDEF01234567"
      }
    ],
    "Meta": {
      "Endpoint": "/v1/Authorise",
      "TargetID": "abc123",
      "Title": "Public API: Authorisation"
    }
  },
  "Error": {
    "Code": 0,
    "Status": "OK"
  }
}
Note that the Data.Items JSON property will be empty, i.e. [], when the token storage medium is set to cookie.
The Access Token string conforms to the following rule specifications:
Rule | Specification |
Allowable characters | Uppercase hexadecimal |
Length | 40 characters |
The Error JSON property is included in all responses from the TWeb Public API. The possible responses during authorisation are:
Error Code | Error Name | Explanation |
0 | OK | The authorisation was successful and returned an Access Token. |
1 | Server Error | This issue either does not fit any of the other codes or is due to a bug in the Public API code. |
4000 | Rate Limit Exceeded | This is the second request within a 1 second period. |
4001 | Account Blocked | The maximum number of attempts to authorise has been exceeded. This error code is not applicable in development. |
4002 | Account Inactive | Account Inactive. |
4004 | Misconfigured Account | This Client ID does not have a Client Secret assigned. |
4005 | Error Generating Access Token | The generated Access Token does not conform to the specifications. |
4006 | Invalid Authorisation | Either the Client ID or the Client Secret did not conform to their specifications. |
4007 | Invalid Token Medium | The Token Medium did not conform to the specifications. |
4009 | Not A Public API Account | The Client ID exists, however it does not have access to the TWeb Public API. |
4104 | Invalid Target ID | The Target ID did not conform to the specifications. |
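As an added example (not part of the TWeb documentation or Transponder Technologies' code), the Python below checks the request parameters against the rules above before anything is sent, then validates the response: error code, echoed Target ID, token format and the 30-minute expiry. The function names, the shape of the error body and the sample values are assumptions; the HTTP call itself is left out so the code runs offline.

```python
import json
import re
from datetime import datetime, timedelta, timezone

TOKEN_RE = re.compile(r"[0-9A-F]{40}")          # uppercase hex, exactly 40 chars
TARGET_RE = re.compile(r"[0-9a-zA-Z_]{0,100}")  # allowed chars, max 100
TOKEN_LIFETIME = timedelta(minutes=30)

def build_form(client_id, client_secret, medium, target_id=None):
    """Check the documented rules locally, then return the POST fields."""
    if not 16 <= len(client_id) <= 40:
        raise ValueError("clientID must be 16 to 40 characters")
    if len(client_secret) < 16:
        raise ValueError("clientSecret must be at least 16 characters")
    if medium not in ("body", "cookie"):
        raise ValueError("tokenStorageMedium must be body or cookie")
    form = {"clientID": client_id, "clientSecret": client_secret,
            "tokenStorageMedium": medium}
    if target_id is not None:
        if not TARGET_RE.fullmatch(target_id):
            raise ValueError("targetID breaks the documented rules")
        form["targetID"] = target_id
    return form

def parse_response(raw, medium, target_id=None, issued_at=None):
    """Return (token, expires_at); token is None when medium is cookie."""
    doc = json.loads(raw)
    err = doc["Error"]
    if err["Code"] != 0:
        raise RuntimeError(f"authorisation failed: {err['Code']} {err.get('Status')}")
    data = doc["Data"]
    if target_id is not None and data["Meta"].get("TargetID") != target_id:
        raise RuntimeError("TargetID in response does not match the request")
    issued_at = issued_at or datetime.now(timezone.utc)  # local receipt time
    token = None
    if medium == "body":
        token = data["Items"][0]["AccessToken"]
        if not TOKEN_RE.fullmatch(token):
            raise RuntimeError("AccessToken is not 40 uppercase hex characters")
    return token, issued_at + TOKEN_LIFETIME

# Constructed sample input: the success body shown on this page, and an error
# body whose shape (Error.Code / Error.Status only) is an assumption.
SAMPLE_OK = json.dumps({
    "Data": {"Items": [{"AccessToken": "0123456789ABCDEF0123456789ABCDEF01234567"}],
             "Meta": {"Endpoint": "/v1/Authorise", "TargetID": "abc123",
                      "Title": "Public API: Authorisation"}},
    "Error": {"Code": 0, "Status": "OK"}})
SAMPLE_RATE_LIMITED = json.dumps({"Error": {"Code": 4000, "Status": "Rate Limit Exceeded"}})
```

The exceptions raised here contain neither the Client Secret nor the Access Token, so they can be logged as they are.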