
OAuth2 Authentication for RETS

While legacy RETS authentication (using Basic HTTP auth) will still work and is not presently slated for deprecation, we are encouraging all RETS users to migrate to OAuth2 for their authentication.

Legacy RETS sends your account credentials in the header of every request, whereas OAuth2 requires you to transmit the credentials only once; every other request carries a short-lived bearer token instead. This dramatically reduces your vulnerability to man-in-the-middle attacks.

Note that the query for authentication is exactly like the one for WebAPI, except that the value for the "scope" field is "rets" instead of "api".

After receiving an authentication token, provide the following HTTP header on your RETS requests:

Authorization: Bearer [token value]

Examples

Code Example

# Certificate verification stays on (no -k/--insecure), since this request carries the credentials.
curl -X POST \
--output "token.json" \
--basic -u "$username:$password" \
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
-d "grant_type=client_credentials&scope=rets&client_id=$username" \
'https://api-prod.corelogic.com/trestle/oidc/connect/token'

Result

{
    "access_token": [TOKEN],
    "expires_in": 3600,
    "token_type": "Bearer"
}

Code Example

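<?php
// Requires the pecl_http 1.x extension, which provides HttpRequest and HTTP_METH_POST.

// Placeholders: substitute your own credentials.
$username = 'YOUR_CLIENT_ID';
$password = 'YOUR_CLIENT_SECRET';

$request = new HttpRequest();
$request->setUrl('https://api-prod.corelogic.com/trestle/oidc/connect/token');
$request->setMethod(HTTP_METH_POST);

$request->setHeaders(array(
    'cache-control' => 'no-cache'
));

$request->setContentType('application/x-www-form-urlencoded');
// Pass the variables unquoted: '$username' in single quotes would be sent literally.
$request->setPostFields(array(
  'client_id' => $username,
  'client_secret' => $password,
  'grant_type' => 'client_credentials',
  'scope' => 'rets'
));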

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}

Result

{
    "access_token": [TOKEN],
    "expires_in": 3600,
    "token_type": "Bearer"
}
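
Because the token in the results above expires after 3600 seconds, a long-running RETS client has to request a new one before the old one lapses. The following Python code is an added example, not part of the original page or Trestle's own code: it builds the same token request as the curl example and caches the token, returning the Authorization header described earlier. The names build_token_request, fetch_token, BearerTokenCache and the 60-second skew are assumptions chosen for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api-prod.corelogic.com/trestle/oidc/connect/token"  # from the page


def build_token_request(client_id, client_secret):
    """Build the client_credentials POST from the curl example (scope=rets)."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": "rets", "client_id": client_id}
    ).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"})


def fetch_token(client_id, client_secret):
    """Send the request; urllib verifies the server's TLS certificate by default."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class BearerTokenCache:
    """Hold one token and fetch a new one `skew` seconds before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        # fetch: zero-argument callable returning the parsed token response
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the header to attach to each RETS request."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._fetch()
            # Reject anything that is not a bearer token; never log the reply itself.
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"]) - self._skew
        return {"Authorization": f"Bearer {self._token}"}
```

In use, construct the cache with `lambda: fetch_token(client_id, client_secret)` and merge `auth_header()` into the headers of every RETS request, so the account credentials travel only when a token is requested.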