|
|
Line 1: |
Line 1: |
− | <translate>= Request Access Token=
| + | #REDIRECT [[3.18:User-management-api-specification/SecurityandAuthentication]] |
− | Requests an access token.
| |
− | | |
− | == Request ==
| |
− | === URL ===
| |
− | http[s]://<host>/configapi/v2/oauth/token
| |
− | | |
− | === Parameters ===
| |
− | {|border="1" style="border-collapse:collapse" cellpadding="5"
| |
− | | '''Parameter'''
| |
− | | '''Required?'''
| |
− | | '''Description'''
| |
− | |-
| |
− | | grant_type
| |
− | | Required
| |
− | | The value must be ''client_credentials''
| |
− | |-
| |
− | | client_id
| |
− | | Required
| |
− | | Login ID
| |
− | |-
| |
− | | client_secret
| |
− | | Required
| |
− | | User API secret
| |
− | |-
| |
− | | tenant
| |
− | | Required
| |
− | | Tenant URL
| |
− | |}
| |
− | | |
− | === Example ===
| |
− | The following HTTP POST requests an access token for the https://example.com web service. The ''client_id'' identifies the user on behalf of the application using the access token.
| |
− | | |
− | POST /configapi/v2/oauth/token HTTP/1.1
| |
− |
| |
− | Host: example.com
| |
− |
| |
− | Content-Type: application/x-www-form-urlencoded
| |
− |
| |
− | grant_type=client_credentials&client_id=client-id&client_secret=qkDwDJlDfig2IpeuUZYKH1Wb8q1V0ju6sILxQQqhJ&tenant=example.com
| |
− | | |
− | | |
− | == Access Token Response ==
| |
− | A success response contains a JSON OAuth 2.0 response with the following parameters.
| |
− | | |
− | === Parameters ===
| |
− | {|border="1" style="border-collapse:collapse" cellpadding="5"
| |
− | | '''Parameter'''
| |
− | | '''Description'''
| |
− | |-
| |
− | | access_token
| |
− | | The requested access token.
| |
− | | |
− | The calling application can use this token to authenticate to the receiving service.
| |
− | |-
| |
− | | token_type
| |
− | | Indicates the token type value.
| |
− | The only supported type is Bearer.
| |
− | | |
− | For more information about bearer tokens, see ''The OAuth 2.0 Authorization Framework: Bearer Token Usage'' (RFC 6750).
| |
− | |-
| |
− | | expires_in
| |
− | | How long the access token is valid (in seconds).
| |
− | |}
| |
− | | |
− | === Example of Response ===
| |
− | The following example shows a success response to a request for an access token to a web service.
| |
− | | |
− | {
| |
− | "access_token":"eyJhbGciOiJSUzI1NiI5q9Jgt...6HznsvPWy7UP3MINA",
| |
− | "token_type":"Bearer",
| |
− | "expires_in":"3599",
| |
− | }
| |
− | | |
− | | |
− | == Use the Access Token to Access the Resource ==
| |
− | Now when an ''access_token'' is successfully acquired, it is possible to use the token in requests to Web APIs by including it in the Authorization header. RFC 6750 explains how to use bearer tokens in HTTP requests to access protected resources.
| |
− | | |
− | === Authenticated API Request Example ===
| |
− | GET /data HTTP/1.1
| |
− |
| |
− | Host: example.com
| |
− |
| |
− | Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbW4t
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | </translate>
| |
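Review bot: the single added line, `#REDIRECT [[3.18:User-management-api-specification/SecurityandAuthentication]]`, replaces the entire Request Access Token page. Before this lands, confirm that the redirect target documents everything removed here: the `/configapi/v2/oauth/token` request parameters (`grant_type`, `client_id`, `client_secret`, `tenant`), the response fields, and the bearer-token usage section. If the removed text is carried over to the target page, three things in it need fixing rather than copying. The response example ends with `"expires_in":"3599",` followed by `}`, and that trailing comma makes it invalid JSON. The URL line `http[s]://<host>/configapi/v2/oauth/token` presents plain HTTP as an option for a request that posts `client_secret` in the body, so it should be documented as https only. The request example should show an obvious placeholder for `client_secret` instead of a realistic-looking value.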