The Client ID, Client Secret, Redirect URI and Code generated in Priava are used to obtain an access token and a refresh token. The access token authenticates the API requests discussed in these documents. Access tokens expire after 6 hours, so the refresh token must be used to get a new access token when the first access token expires.
Getting an Access Token
POST - /rest/oauth/token
Headers:
The following headers should be included in your request:
Content-Type: application/x-www-form-urlencoded;charset=utf-8
TenantRegion: [ APAC | EU | US ]
Data:
grant_type=authorization_code&client_id=xxxxxxxx&client_secret=yyyyyyyy&code=zzzzzzzz&redirect_uri=https://my.app.com/oauth2callback
Response:
If successful, you will receive a JSON response with the required tokens, where ‘expires_in’ is measured in seconds.
{
  "access_token": "xxxxxxxx",
  "refresh_token": "yyyyyyyy",
  "token_type": "BEARER",
  "expires_in": 21600
}
If there are any problems with the request, you'll receive a 400 response with an error message.
{
  "error": "error_code",
  "error_description": "A human readable error message"
}
Once the access token is obtained, it must be passed in the Authorization header of every API call.
Authorization: Bearer <access_token>
Refresh an Access Token
Use a previously obtained refresh token to generate a new access token.
POST - /rest/oauth/token
Headers:
The following headers should be included in your request:
Content-Type: application/x-www-form-urlencoded;charset=utf-8
TenantRegion: [ APAC | EU | US ]
Data:
grant_type=refresh_token&client_id=xxxxxxxx&client_secret=yyyyyyyy&refresh_token=zzzzzzzz&redirect_uri=https://my.app.com/oauth2callback
Response:
If successful, you will receive a JSON response with the required tokens, where ‘expires_in’ is measured in seconds.
{
  "access_token": "xxxxxxxx",
  "refresh_token": "yyyyyyyy",
  "token_type": "BEARER",
  "expires_in": 21600
}
If there are any problems with the request, you'll receive a 400 response with an error message.
{
  "error": "error_code",
  "error_description": "A human readable error message"
}
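The two token requests above, combined into a small Python token manager that tracks expires_in and refreshes shortly before expiry. This is an added example, not Priava's own code: the base URL, the TokenManager name and its parameters, and the 60-second skew are assumptions; the path, headers and form fields are the ones shown on this page.

```python
import json, time
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_PATH = "/rest/oauth/token"  # endpoint path from this page

def http_post(url, headers, body):
    """Default transport: POST the form, return the parsed JSON body."""
    req = Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except HTTPError as e:
        if e.code != 400:
            raise
        return json.load(e)  # 400 body carries error / error_description

class TokenManager:
    def __init__(self, base_url, region, client_id, client_secret,
                 redirect_uri, post=http_post, clock=time.time, skew=60):
        if region not in ("APAC", "EU", "US"):
            raise ValueError("TenantRegion must be APAC, EU or US")
        self.url = base_url.rstrip("/") + TOKEN_PATH  # base_url is an assumption
        self.headers = {"Content-Type": "application/x-www-form-urlencoded;charset=utf-8",
                        "TenantRegion": region}
        self.form = {"client_id": client_id, "client_secret": client_secret,
                     "redirect_uri": redirect_uri}
        self.post, self.clock, self.skew = post, clock, skew
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _grant(self, grant_type, **extra):
        # Secrets travel only in the POST body, never in the URL or in errors.
        body = urlencode({"grant_type": grant_type, **self.form, **extra})
        tok = self.post(self.url, self.headers, body)
        if "error" in tok:
            raise RuntimeError(f"{tok['error']}: {tok.get('error_description', '')}")
        self.access = tok["access_token"]
        self.refresh = tok.get("refresh_token", self.refresh)  # keep the newest
        self.expires_at = self.clock() + tok["expires_in"]

    def exchange_code(self, code):
        self._grant("authorization_code", code=code)

    def auth_header(self):
        # Refresh `skew` seconds early so a request never carries an expired token.
        if self.clock() >= self.expires_at - self.skew:
            self._grant("refresh_token", refresh_token=self.refresh)
        return {"Authorization": f"Bearer {self.access}"}
```

Call exchange_code once with the Code generated in Priava, then merge auth_header() into the headers of each API request; keep the client secret and refresh token out of logs and source control.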