Authenticating calls to OCAPI

When using the OCAPI endpoints, calls made to Connect must include a JWT obtained from the Vista Global Authentication Service (GAS).

This option is also available on all other endpoints, in place of the connectApiToken header.

Obtaining a JWT

A JWT to be obtained from GAS at the url: https://auth.moviexchange.com/

The request requires the 'Content-Type' header to be set to 'application/x-www-form-urlencoded'

And must contain the following parameters: username, password, grant_type and client_id

Comprehensive documentation can be found at: https://apidocs.moviexchange.com/docs/authentication-and-client-secrets

Using the JWT

Whenever a request is made to connect, it will look for the Authorization header.

If it is present then the JWT supplied will be authenticated against the Global Authentication Service.

An invalid or non existent token will return a 401 unauthorized http response

For OCAPI endpoints, this is a requirement, and replaces the connectApiToken header used in previous versions.

However in the V1 and V2 endpoints if the Authorization header is not present it will instead use the connectApiToken for authentication.

You can link a GAS user to a Connect Client so that you can manage the permissions and behaviours for that user. You can do this via Connect Manager. See the Connect documentation for more information.

API reference

OCAPI (beta)

General

Reference data

Seating

Creating orders

Completing orders

Payment

Bookings

Unpaid bookings

Loyalty

Troubleshooting

Authenticating calls to OCAPI

Obtaining a JWT

Using the JWT