From Bright Pattern Documentation
< 3.16:User-management-api-specification
Revision as of 00:08, 14 November 2018 by Tracy (talk | contribs) (Created page with "<translate>= Request Access Token= Requests an access token. == Request == === URL === http[s]://<host>/configapi/v2/oauth/token === Parameters === {|border="1" style="bo...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
• 3.16 • 3.17 • 3.18

Request Access Token

Requests an access token.

Request

URL

http[s]://<host>/configapi/v2/oauth/token

Parameters

Parameter Required? Description
grant_type Required The value must be client_credentials
client_id Required Login ID
client_secret Required User API secret
tenant Required Tenant URL

Example

The following HTTP POST requests an access token for the https://example.com web service. The client_id identifies the user on behalf of the application using the access token.

POST /configapi/v2/oauth/token HTTP/1.1

Host: example.com

Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=client-id&client_secret=qkDwDJlDfig2IpeuUZYKH1Wb8q1V0ju6sILxQQqhJ&tenant=example.com


Access Token Response

A success response contains a JSON OAuth 2.0 response with the following parameters.

Parameters

Parameter Description
access_token The requested access token.

The calling application can use this token to authenticate to the receiving service.

token_type Indicates the token type value.

The only supported type is Bearer.

For more information about bearer tokens, see The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750).

expires_in How long the access token is valid (in seconds).

Example of Response

The following example shows a success response to a request for an access token to a web service.

{
"access_token":"eyJhbGciOiJSUzI1NiI5q9Jgt...6HznsvPWy7UP3MINA",
"token_type":"Bearer",
"expires_in":"3599",
}


Use the Access Token to Access the Resource

Now when an access_token is successfully acquired, it is possible to use the token in requests to Web APIs by including it in the Authorization header. RFC 6750 explains how to use bearer tokens in HTTP requests to access protected resources.

Authenticated API Request Example

GET /data HTTP/1.1

Host: example.com

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbW4t