Skip to content

Token

Token generation

  • Endpoint:
POST /token
  • Allowed for:

Anyone

  • JSON request

To get an access token from the password method:

Name Type Mandatory Comment
grant_type string yes Equals to password
domain string yes Subdomain of the client, ex demo
username string yes Username of the user
password string yes Password of the user
scope string no offline will provide a refresh token in the response

Example:

{
  "grant_type": "password",
  "domain": "demo",
  "username": "foo@bar.com",
  "password": "123456",
  "scope": "offline"
}

To get an access token from the refresh_token method:

Name Type Mandatory Comment
grant_type string yes Equals to refresh_token
refresh_token string yes Refresh token of the user

Example:

{
  "grant_type": "refresh_token",
  "refresh_token": "NdfkmsDFNSIJ5GDASKP",
}
  • JSON response:
Name Type Comment
token_type string Equals to bearer
access_token string Generated acces token
refresh_token string If requested via the scope offline
  • JSON response example:
{
  "token_type": "bearer",
  "access_token": "NdfkmsDFNSIJ5GDASKP.NdfkmsDFNSIJ5GDASKP.NdfkmsDFNSIJ5GDASKP",
  "refresh_token": "NdfkmsDFNSIJ5GDASKP"
}

Token revocation

  • Endpoint:
POST /token/revoke
  • Allowed for:

Anyone

  • JSON request

To revoke a refresh token:

Name Type Mandatory Comment
refresh_token string yes Refresh token to be revoked

Example:

{
  "refresh_token": "NdfkmsDFNSIJ5GDASKP"
}
  • JSON response

HTTP code 204