Serving OAuth Token for Getty's API

Since Getty's OAuth flow relies on secure machine-to-machine communication, we need to implement authentication on a server and then serve the access token securely to our client. The following example sets up an express server to forward the token request to Getty's OAuth endpoint.

First, we construct the request options for the API call. The url points to Getty's OAuth2 server https://api.gettyimages.com/oauth2/token and the OAuth options contain the grant_type, client_id, and client_secret.

Next, we implement an endpoint to request the token. Note that we need to set the requisite CORS headers. Upon successful termination, we return the result to our client.


const express = require("express");
const request = require("request");
const dotenv = require("dotenv");

const app = express();
dotenv.config({ path: ".env.local" });

const port = 9191;

const options = {
  method: "POST",
  url: "https://api.gettyimages.com/oauth2/token",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded",
    Accept: "application/json",
  },
  form: {
    grant_type: "client_credentials",
    client_id: process.env.VITE_APP_API_KEY,
    client_secret: process.env.CLIENT_SECRET,
  },
};

app.get("/token", (req, res) => {
  res.setHeader("Access-Control-Allow-Origin", "*");
  res.setHeader("Access-Control-Allow-Credentials", true);
  request(options, function (error, response) {
    if (error) {
      res.json(error);
    } else {
      res.json(JSON.parse(response.body));
    }
  });
});

app.listen(port, () => {
  console.log(`Application started on http://localhost:${port}`);
});