Skip to content

Fibre Gateway : Authentication (1.0)

Introduction

The Fibre Cafe is a scalable, unified platform to support L2C provisioning, in-life modification/cease and T2R trouble resolution between communication providers (CP) and network operators or aggregators.

The Fibre Cafe is secured using the standard OAuth 2.0 authorization protocol - all requests must include a valid access token. Tenant access tokens provide access to the Tenant API and supplier access tokens provide access to the Supplier Updates API. IP address whitelisting is also enabled so all callers must provide the static public IP address for any inbound traffic.

Access tokens can be retrieved from this endpoint - they are intended to be re-used and not created per request. The tokens will expire in 60 minutes by default - at which point a new token can be requested. __

© 2022-2026 Strategic Imperatives

Download OpenAPI description
index.json
index.yaml
Languages
Servers
https://prod.fibregateway.com/v1

Tenant authentication - retrieve access token.

Request

This endpoint is called to retrieve an access token which must be provided in the header on subsequent tenant calls to the gateway.

Either Authorization header or client id/secret must be provided.

Headers
Authorizationstring

The Authorization header is Basic Base64-encoded app client credentials - client_id:client_secret

Bodyapplication/x-www-form-urlencoded
grant_typestringrequired

Grant type - only client_credentials is supported at the moment

Example: "client_credentials"
scopestring

Limit to space-delimited list of scopes registered with the app client (optional)

Example: "com.fibregateway.<ENV_NAME>/tenant.all.all"
client_idstring

The ID of the app client - required if not using Authorization header

client_secretstring

The client secret for the app client - required if not using Authorization header

curl -i -X POST \
  https://prod.fibregateway.com/v1/auth/tenant/access-token \
  -H 'Authorization: string' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d grant_type=client_credentials \
  -d 'scope=com.fibregateway.<ENV_NAME>/tenant.all.all' \
  -d client_id=string \
  -d client_secret=string

Responses

Successfully generated access token

Bodyapplication/json
access_tokenstring

Access token to use in requests

Example: "eyJraWQiOiI3WEl6amJaakZjYlpWK..."
expires_instring

Token expiry in seconds (TTL)

Example: 3600
token_typestring

Token type

Example: "Bearer"
Response
application/json
{
  "access_token": "eyJraWQiOiI3WEl6amJaakZjYlpWK...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Supplier KCI authentication - retrieve access token.

Request

This endpoint is called to retrieve an access token which must be provided in the header on subsequent supplier KCI calls to the gateway.

Either Authorization header or client id/secret must be provided.

Headers
Authorizationstring

The Authorization header is Basic Base64-encoded app client credentials - client_id:client_secret

Bodyapplication/x-www-form-urlencoded
grant_typestringrequired

Grant type - only client_credentials is supported at the moment

Example: "client_credentials"
scopestring

Limit to space-delimited list of scopes registered with the app client (optional)

Example: "com.fibregateway.<ENV_NAME>/tenant.all.all"
client_idstring

The ID of the app client - required if not using Authorization header

client_secretstring

The client secret for the app client - required if not using Authorization header

curl -i -X POST \
  https://prod.fibregateway.com/v1/auth/supplier/access-token \
  -H 'Authorization: string' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d grant_type=client_credentials \
  -d 'scope=com.fibregateway.<ENV_NAME>/tenant.all.all' \
  -d client_id=string \
  -d client_secret=string

Responses

Successfully generated access token

Bodyapplication/json
access_tokenstring

Access token to use in requests

Example: "eyJraWQiOiI3WEl6amJaakZjYlpWK..."
expires_instring

Token expiry in seconds (TTL)

Example: 3600
token_typestring

Token type

Example: "Bearer"
Response
application/json
{
  "access_token": "eyJraWQiOiI3WEl6amJaakZjYlpWK...",
  "expires_in": 3600,
  "token_type": "Bearer"
}