Token
Token generation
- Endpoint:
POST /token
- Allowed for:
Anyone
- JSON request
To get an access token from the password
method:
Name | Type | Mandatory | Comment |
---|---|---|---|
grant_type | string | yes | Equals to password |
domain | string | yes | Subdomain of the client, ex demo |
username | string | yes | Username of the user |
password | string | yes | Password of the user |
scope | string | no | offline will provide a refresh token in the response |
Example:
{
"grant_type": "password",
"domain": "demo",
"username": "foo@bar.com",
"password": "123456",
"scope": "offline"
}
To get an access token from the refresh_token
method:
Name | Type | Mandatory | Comment |
---|---|---|---|
grant_type | string | yes | Equals to refresh_token |
refresh_token | string | yes | Refresh token of the user |
Example:
{
"grant_type": "refresh_token",
"refresh_token": "NdfkmsDFNSIJ5GDASKP",
}
- JSON response:
Name | Type | Comment |
---|---|---|
token_type | string | Equals to bearer |
access_token | string | Generated acces token |
refresh_token | string | If requested via the scope offline |
- JSON response example:
{
"token_type": "bearer",
"access_token": "NdfkmsDFNSIJ5GDASKP.NdfkmsDFNSIJ5GDASKP.NdfkmsDFNSIJ5GDASKP",
"refresh_token": "NdfkmsDFNSIJ5GDASKP"
}
Token revocation
- Endpoint:
POST /token/revoke
- Allowed for:
Anyone
- JSON request
To revoke a refresh token:
Name | Type | Mandatory | Comment |
---|---|---|---|
refresh_token | string | yes | Refresh token to be revoked |
Example:
{
"refresh_token": "NdfkmsDFNSIJ5GDASKP"
}
- JSON response
HTTP code 204