The Pyxis API utilizes an OAuth variant that performs authentication, authorization, cryptography, and session management. From the caller’s standpoint, the implementation utilizes a limited lifetime bearer token to allow access to the API. Obtaining the token is, itself, protected by a shared secret type authorized call.
To obtain a security bearer token for the first time or when your current one expires, you will need to call a separate API protected by HTTP basic authentication with a shared secret. Both the login credentials and the string will be set up when you are set up in the Pyxis system by CPP personnel. When the security token expires you will receive an HTTP 511 error code. This indicates that you need to obtain a new a new security token. At present, security tokens are set to expire in about 10 days although this can change if need is determined by CPP.
For all API calls, you will pass the obtained security token in the “Authorization” header. In this Authorization header, the type is Bearer Token and the value is security token obtained from the security API call described below.