Access and Refresh Token API

  • Updated

The Client ID, Client Secret, Redirect URI and Code generated in Priava, need to be used to get an access token and refresh token. The access token will be used for authenticating the API requests discussed in these documents. It’s important to remember that access tokens expire after 6 hours, so the refresh token needs to be used to get a new access token when the first access token expires.


Getting an Access Token

POST - /rest/oauth/token

Headers:

The following headers should be included in your request:

      Content-Type: application/x-www-form-urlencoded;charset=utf-8     
      TenantRegion: [ APAC | EU | US ]

Data:

      grant_type=authorization_code&client_id=xxxxxxxx&client_secret=yyyyyyyy&code=zzzzzzzz&redirect_uri=https://my.app.com/oauth2callback
    

Response:

If successful, you will receive a JSON response with the required tokens, where ‘expires_in’ is measured in seconds.

{ 
"access_token": "xxxxxxxx", "refresh_token": "yyyyyyyy", "token_type" : "BEARER", "expires_in": 21600 }

 If there are any problems with the request, you'll receive a 400 response with an error message.

{ 
"error": "error_code",
 "error_description" : "A human readable error message" }

Once the access token is obtained, it needs to be passed in the Header for all API Calls.

      Authorization : Bearer 

 

Refresh an Access Token

Use a previously obtained refresh token to generate a new access token.

POST - /rest/oauth/token

Headers:

The following headers should be included in your request:

      Content-Type: application/x-www-form-urlencoded;charset=utf-8     
      TenantRegion: [ APAC | EU | US ]

 Data:

grant_type=refresh_token&client_id=xxxxxxxx&client_secret=yyyyyyyy&refresh_token=zzzzzzzz&redirect_uri=https://my.app.com/oauth2callback 

 Response:

If successful, you will receive a JSON response with the required tokens, where ‘expires_in’ is measured in seconds.

{ 
"access_token": "xxxxxxxx", "refresh_token": "yyyyyyyy", "token_type" : "BEARER", "expires_in": 21600 }

 

If there are any problems with the request, you'll receive a 400 response with an error message.

{ 
"error": "error_code",
 "error_description" : "A human readable error message" }

Was this article helpful?

Have more questions? Submit a request