Authenticated Calls

This document will show the use case for when and how to use a machine to machine token with collector number to get collector data. Collector-Number header is usually set by us decoding the member token but this process wont work for when clients want to use the m2m token, so client would have to send Collector-Number header ONLY when using m2m.

Collector-Number header should not be passed when using a member token, we have auth rules that will fail the request when this happens

M2M

curl --location 'https://uat.cdn.airmilesapis.ca/offers?region=ON' \
--header 'Authorization: Bearer <M2M token>' \
--header 'x-origin-client: <CLIENT>' \
--header 'Collector-Number: <COLLECTOR>'

Member

curl --location 'https://uat.cdn.airmilesapis.ca/offers?region=ON' \
--header 'Authorization: Bearer <Member token>' \
--header 'x-origin-client: <CLIENT>'

These apply to all three of the offer service api /offers, /offers/{id}, /offers/{id}/states