OAuth2 Standards

QQCatalyst uses OAuth2 as our authentication mechanism. All API consumer applications are required to authenticate and authorize both the application and the user against QQCatalyst. OAuth 2.0 is the next evolution of the OAuth protocol originally created in 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. If you are developing with Visual Studio, we highly recommend that you use the tools provided in the DotNetOpenAuth libraries, which can be found here or in NuGet inside Visual Studio.

After you have successfully signed up with QQ Solutions for access to the API as mentioned in the Getting Started section, you can use the callback URL and custom token to call the OAuth Login Server. The two URLs that you will need to access the Login server are:

Authorize: https://login.qqcatalyst.com/oauth/authorize

Token: https://login.qqcatalyst.com/oauth/token

Active Authentication

When your application leverages our active authentication, your users will be prompted for their QQCatalyst credentials as part of the authentication process. This is the recommended method for 3rd party access to QQCatalyst when using a visual application. By using OAuth2 standards with an active authentication, no 3rd party developer will need to gather or store a user's login credentials; instead they will redirect QQCatalyst users to our login page as shown below. When using this method, the url of our login site should always start with "https://login.qqcatalyst.com/" and the page should have the following security log at the bottom right hand corner.

Login Example Security Icon

Enterprise API Access

Enterprise API access would require an API key and API secret provided from Vertafore. Additionally, your organization should provide a list of IP addresses that would connect to QQCatalyst API servers.
In Order to access the Enterprise API, Request should have Authorization header string in the fromat of clientid:clientsecrete (Provided by Vertafore) in Base64 format encoded with ISO-8859-1


<