Get an Access Token (Authorization Code Grant Type)

In order to generate an Access Token using the Authorization Code Grant Type, you'll need to do the following:

  1. Locate a Subscription Key
  2. Request an Authorization Code
  3. Exchange the Authorization Code for an Access Token

Locate a Subscription Key

Alongside a ClientID and ClientSecret, Emergency Reporting API endpoints use a Subscription Key ("Ocp-Apim-Subscription-Key") as an additional form of authentication. Whether it's a Developer Subscription Key used to make sample API requests or a Subscription Key granted to an Agency, a Subscription Key is needed for all API requests made through the ERS API Developer Portal.

To locate a Subscription Key ("Ocp-Apim-Subscription-Key"), Sign In to the Emergency Reporting API Developer Portal and perform the following steps:

  1. Navigate to your Profile
  2. Locate a Product subscription and tap/click "Show" next to Primary Key
    • Note: Subscription Keys for both development and for associated Customers/Agencies are available within a Developer Account Profile Dashboard automatically
  3. Replace the "Ocp-Apim-Subscription-Key" value ("YOUR_SUBSCRIPTION_KEY") in your request with the Subscription Key from your Developer Profile Dashboard

Get an Authorization Code

Request URL

POST https://data.emergencyreporting.com/auth/Authorize.php

Request Details

    HEADER
    Ocp-Apim-Subscription-Key: YOUR_SUBSCRIPTION_KEY
    Content-Type: application/json

    BODY
    {
        "response_type": "code",
        "client_id": "YOUR_CLIENT_ID",
        "username": "ERS_ACCOUNT_USERNAME",
        "password": "ERS_ACCOUNT_PASSWORD",
        "state": "xyz"
    }

    CODE EXAMPLE
    curl -X POST \
        https://data.emergencyreporting.com/auth/Authorize.php \
        -H 'Content-Type: ' \
        -H 'Ocp-Apim-Subscription-Key: YOUR_SUBSCRIPTION_KEY' \
        -H 'cache-control: no-cache' \
        -d '{
        "response_type": "code",
        "client_id": "YOUR_CLIENT_ID",
        "username" : "ERS_ACCOUNT_USERNAME", 
        "password" : "ERS_ACCOUNT_PASSWORD",
        "state" : "xyz"
    }'

    RESPONSE
    "https:\/\/secure.emergencyreporting.com?code=YOUR_AUTHORIZATION_CODE&state=xyz"

Exchange the Authorization Code for an Access Token

Request URL

POST https://data.emergencyreporting.com/authtoken/Token.php

Request Details

    HEADER
    Ocp-Apim-Subscription-Key: YOUR_SUBSCRIPTION_KEY
    Content-Type: application/json

    BODY
    {
        "grant_type": "authorization_code",
        "code": YOUR_AUTHORIZATION_CODE,
        "client_id": "YOUR_CLIENT_ID",
        "client_secret": "YOUR_CLIENT_SECRET",
        "redirect_uri": "YOUR_REDIRECT_URI"
    }

    CODE EXAMPLE
    curl -X POST \
        https://data.emergencyreporting.com/authtoken/Token.php \
        -H 'Content-Type: application/json' \
        -H 'Ocp-Apim-Subscription-Key: YOUR_SUBSCRIPTION_KEY' \
        -H 'cache-control: no-cache' \
        -d '{
        "grant_type": "authorization_code",
        "code": "YOUR_AUTHORIZATION_CODE",
        "client_id": "YOUR_CLIENT_ID",
        "client_secret": "YOUR_CLIENT_SECRET",
        "redirect_uri": "YOUR_REDIRECT_URI"
    }'

    RESPONSE
    {
        "access_token": "YOUR_ACCESS_TOKEN",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": null,
        "refresh_token": "YOUR_REFRESH_TOKEN"
    }

Success!

You can now send a request to an API endpoint using an Access Token

    HEADER
    Ocp-Apim-Subscription-Key: YOUR_SUBSCRIPTION_KEY
    Content-Type: application/json
    Authorization: YOUR_ACCESS_TOKEN

Let's Try: Generate an Authorization Code and Access Token Using Postman

Follow these steps to generate an Authorization Code and an Access Token in Postman:

Get an Authorization Code

  1. Set the request type to POST and add https://data.emergencyreporting.com/auth/Authorize.php in the URL field
  2. Create a new request in Postman and configure the Headers tab
    KEY VALUE
    Content-Type application/json
    Ocp-Apim-Subscription-Key YOUR_SUBSCRIPTION_KEY
  3. Postman Header Configuration
  4. In the Body tab, select "raw" and enter the following code (replacing values for client_id, username and password)
        {
            "response_type": "code",
            "client_id": "YOUR_CLIENT_ID",
            "username": "ERS_ACCOUNT_USERNAME",
            "password": "ERS_ACCOUNT_PASSWORD",
            "state": "xyz"
        }
    
    Postman Body Settings
  5. Right-click your request tab for this request in Postman and select "Duplicate Tab"
    • The new tab will be used to request your access token
    • Since lifetime of Authentication Code is short, creating two tabs can be helpful
    • Do not process the Authentication Code request quite yet

Get an Access Token

  1. In your duplicated Postman tab, update your Postman URL to https://data.emergencyreporting.com/authtoken/Token.php and verify your Request Type is POST
  2. Keep Postman Header settings the same
  3. Postman Header Settings
  4. In the Body tab, make sure "raw" is selected and replace existing code with the following
    • Leave YOUR_AUTHORIZATION_CODE value as is for now, this will be replaced in a future step
    • Replace values for client_id, client_secret and redirect_uri
        {
            "grant_type": "authorization_code",
            "code": "YOUR_AUTHORIZATION_CODE",
            "client_id": "YOUR_CLIENT_ID",
            "client_secret": "YOUR_CLIENT_SECRET",
            "redirect_uri": "YOUR_REDIRECT_URI"
        }
    
  5. Navigate back to the original Postman Authorization tab and send the request
  6. Copy the Authorization Code value returned in the Response URL
    • Your Authorization Code will be displayed behind the "...usercallback?code=" and in front of the "&state..." in the response URL
  7.     RESPONSE
        "https:\/\/secure.emergencyreporting.com?code=YOUR_AUTHORIZATION_CODE&state=xyz"
    
    Postman Authorization Code
  8. Navigate to the second (duplicated) Postman Authorization tab and paste the Authorization code value into the "code" line of the Body code
  9. Quickly send the request on the second (duplicated) Postman Authorization tab
  10. Postman Header and Body Configuration
  11. Review the API Response. If the response was successful, your Access Token will be displayed in the "access_token" value in the Body response.
  12.     RESPONSE
        {
            "access_token": "YOUR_ACCESS_TOKEN",
            "expires_in": 3600,
            "token_type": "Bearer",
            "scope": null,
            "refresh_token": "YOUR_REFRESH_TOKEN"
        }
    

Back to Top