Authentication

For certain cases we support a server-to-server authentication process. This allows a tenant to receive an access token that can be used to access our APIs. This access token is not tied to any particular user and must be used only for appropriate use cases. The access token must be stored securely and never exposed outside of your system except to call our APIs.

Note: this endpoint conforms to the OpenID Token Endpoint. Please be aware that the body is sent form-encoded with the content type application/x-www-form-urlencoded.

Request

Environments

Please note that our server-to-server authentication environment is different from our SSO one. See Environments for more details.

URL

/v1/oauth2/token

For the token exchange you will send the following fields.

| Name | Value |
| --- | --- |
| grant_type | client_credentials |
| scope | A space-delimited list of permissions that the application requires. |
| client_id | The same client_id value you sent in to the authorization step. |
| client_secret | This is your client secret that was generated when the client was configured. |

Response

| Name | Description |
| --- | --- |
| access_token | This token can be used to call any of our APIs that you have the right permissions and scopes to call. |
| expires_in | The number of seconds the access token is good for. |
| token_type | Bearer |
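
A client for the exchange above, as an added example that is not part of the original documentation: it builds the form-encoded client_credentials request, refuses a non-HTTPS token URL because the body carries client_secret, and keeps the token in memory until shortly before expires_in elapses. The base URL is a placeholder the caller supplies, and build_token_request, fetch_token and TokenCache are hypothetical names.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/v1/oauth2/token"  # path given on this page

def build_token_request(base_url, client_id, client_secret, scopes):
    """Build the form-encoded client_credentials POST without sending it."""
    # base_url is supplied by the caller; this page does not state the host.
    if not base_url.startswith("https://"):
        # The body carries client_secret, so refuse cleartext transport.
        raise ValueError("token endpoint must use HTTPS")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": " ".join(scopes),  # space-delimited, per the field table
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def fetch_token(request):
    """Send the request and return the decoded JSON response."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds the token in memory and refetches `skew` seconds before expiry."""
    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._deadline:
            resp = self._fetch()
            if str(resp.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            self._deadline = now + max(0, int(resp["expires_in"]) - self._skew)
        return self._token

    def __repr__(self):
        return "<TokenCache token=redacted>"  # keep the token out of logs
```

Pass the cache a zero-argument callable such as `lambda: fetch_token(build_token_request(...))`, and read client_secret from a secret store or environment variable at runtime rather than from source.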

Documentation

OIDC Token

POST /v1/oauth2/token

Token Endpoint as described in https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint. A user access token can be passed as a scope to associate the account and create user-specific 'client_credentials' server tokens, as described in https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.

Body
client_id (string, required)

Your OAuth2 client id

client_secret (string, required)

Your OAuth2 client secret

code (string, optional)

The OAuth code used for retrieving a bearer token

grant_type (string, required)

Grant type

partner_session_id (string, optional)

Any session ids you want us to persist on the session

partner_stream_id (string, optional)

Any session ids you want us to persist on the session

redirect_uri (string, optional)

The OAuth2 redirect URI

refresh_token (string, optional)

The OAuth refresh token.

scope (string, required)

A space-separated list of scopes. To extend a user token into a token with broader scopes, place the original access token before the scope list, followed by a space.

assertion (string, optional)

The JWT assertion to exchange for an access token when grant_type is jwt_bearer.

Responses

200: tokens (application/json)

Example request

POST /v1/oauth2/token HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 169

client_id=text&client_secret=text&code=text&grant_type=text&partner_session_id=text&partner_stream_id=text&redirect_uri=text&refresh_token=text&scope=text&assertion=text

Example response

{
  "access_token": "fiatz2H1kXuV59EdN_jeCA32qHuBOz...",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJFZERTQSIsIdsdjfbgksu...",
  "refresh_token": "firt6tsF90LTf8LYCYPtdh8q4qr3c...",
  "token_type": "Bearer"
}
