OAuth2 Authentication

The Online Registration Center’s Registration Data API leverages the OAuth 2.0 protocol for authentication and authorization. OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. This external application gets a token that authorizes access to the user's account.
In order to request access to the Online Registration Center API, the following information must be received from the Online Registration Center system:

api_client_key
api_client_secret
api_access_token
api_refresh_token

The originally granted access_token will expire 24 hours after it is generated, and in order to obtain a new valid access token, you must use the refresh_token to request a new access token. In addition, only secured (https) requests can be made to the API.

Refreshing an Access Token

The Refresh Token procedure provides a new access_token that you will use to authenticate subsequent requests to the API. Like the originally granted token, this expires in 24 hours. You must use the newly provided refresh_token to request a subsequent new access token. You also need to store the new refresh token every time you request and store a new access token. The refresh_token expires after the amount of time set in the expires_in field (in hours).
Note: Once a Refresh Token is used to receive a new Access Token, you will be provided with a new Refresh Token as well, which will need to be maintained in order to request the next access token.
Refreshing an access token requires you to POST to https://api.onlineregistrationcenter.com/token/

Parameters
grant_type
string
The desired grant type, as per the OAuth 2.0 spec. Defaults to “refresh_token”
refresh_token
string
The refresh token provided when the most recent access_token was granted

Headers
Authorization
string
The word “Basic ” (with a space) concatenated with a base64 encoded string of your client_id, a colon, and your client_secret passed via the Authorization header.
Example: “Basic “ + base64_encode(CLIENT_ID + ":" + CLIENT_SECRET)
Content-Type
string
"application/x-www-form-urlencoded"

Response
access_token
string
access_refresh_token
string
expires_in
integer


Event Roster Request

This retrieves a list of all attendees in event roster.
Post URL: https://api.onlineregistrationcenter.com/roster/

Parameters
module_id
integer
The desired module id in your Online Registration Center account.
export_id
integer
The data export template id.  Only “Registration Data” type can be accepted. “Full Record” default profile will be used if not provided.
access_token
string
Your Online Registration Center API access token provided after authenticating with OAuth 2.0

Headers
Authorization
string

The word “Basic ” (with a space) concatenated with a base64 encoded string of your client_id, a colon, and your client_secret passed via the Authorization header.
Example: “Basic “ + base64_encode(CLIENT_ID + ':' + CLIENT_SECRET)
Content-Type
string
"application/x-www-form-urlencoded"


Response Sample

{
    "attendees": [
        {
            "module_id": 0,
            "summary": "string",
            "module_city": "string",
            "module_state": "string",
            "start_date": "date",
            "trackno": "string",
            "trxdate": "date/time",
            "lname": "string",
            "fname": "string",
            "email": "string"
        },
        {
            "module_id": "integer",
            "summary": "string",
            "module_city": "string",
            "module_state": "string",
            "start_date": "date",
            "trackno": "string",
            "trxdate": "date/time",
            "lname": "string",
            "fname": "string",
            "email": "string"
        }
    ]
}