Integration Guide

Contact Your CSM: Your dedicated Customer Success Manager (CSM) will provide you with your login credentials (invite email).

These steps are intended for LSports customers (users with the Admin and Defend Manager role, for technical users only) to obtain and use non-expiring credentials to access Defend services.

  1. The admin user should invite the technical users and add for each of them the 'Defend manager' role (with this role, they could generate the API Tokens for the Defend integration).

  2. To Generate a Non-Expiring API Token, here are the steps:

    1. Log in to the TRADE360 platform.

    2. Click on your name icon in the top-right corner → User Management.

    3. Select API Tokens from the sidebar.

    4. Click Generate Token.

    5. Enter a Description (e.g., "Defend ").

    6. Assign the Defend Admin role.

    7. Under Expiration, select Never.

    8. Click Create and Copy the Client ID and Secret Key.

      1. THIS CRUCIAL CREDENTIALS WILL BE AVAILABLE ONLY ONCE!! COPY AND SAVE IT!

  3. Exchange API Credentials for Access & Refresh Tokens

    • Endpoint:

      POST https://<lsports-frontegg-domain>.frontegg.com/identity/resources/auth/v1/api-token

    • Headers:

      Content-Type: application/json

    • Body:

      { "clientId": "<Client ID>", "secret": "<Secret Key>" }

    • Response:

      { "expires": "<Thu, 22 May 2025 11:49:22 GMT>", "expiresIn": 1800, "accessToken": "<JWT access token>", "refreshToken": "Refresh token>" }

    • Notes:

      • accessToken expiresIn = 30 minutes.

      • refreshToken lives for 7 days.

  4. Refresh the Access Token

    • Endpoint:

      POST https://<lsports-frontegg-domain>.frontegg.com/identity/resources/auth/v2/api-token/token/refresh

    • Headers:

      Content-Type: application/json

    • Body:

      { "refreshToken": "<Previous refreshToken>" }

    • Response:

      { "expires": "<Thu, 22 May 2025 11:49:22 GMT>", "expiresIn": 1800, "accessToken": "<JWT access token>", "refreshToken": "Refresh token>" }

  5. Use the Access Token For every API call to Defend backend services, include the latest accessToken in the Authorization header:

    Authorization: Bearer <accessToken>

Remember, the accessToken expires every 30 minutes.

Last updated

Was this helpful?