Generate Auth Access Token
POST/api/id/v1/auth/token
This API endpoint allows clients to obtain OAuth 2.0 access tokens using the client_credentials
grant type. The client must provide its client ID and client secret in the Authorization
header, using the Basic
authentication scheme. The generated access token can then be used to authenticate and access protected resources within the system.
The request body must include the grant_type
as client_credentials
, and a scope
parameter that defines the permissions being requested. The API will return an access token, along with optional tokens such as an ID token or a refresh token if supported.
This endpoint is used for machine-to-machine authentication, where no user interaction is required. The tokens generated can be used to access APIs securely, ensuring that the client is authorized for the requested scopes.
Request
Header Parameters
The Authorization
header must include the client ID and client secret encoded in base64 using the format Basic base64(client_id:client_secret)
. This header is required to authenticate the client and obtain the OAuth 2.0 access token.
- application/x-www-form-urlencoded
Body
required
Possible values: [client_credentials
]
Specifies the OAuth 2.0 grant type being used. In this case, it must be client_credentials
. This indicates that the client is using its own credentials to request an access token.
The scope of the access request. This parameter defines the permissions being requested for the access token. Multiple scopes can be requested, and they should be space-separated. For example, openid email profile inspect
can be used to request access to basic identity information and profile data.
Responses
- 200
- 400
- 401
- 403
- 404
- 500
200 OK. The access token was successfully generated. The response contains the access token and, if applicable, additional tokens (e.g., refresh token or ID token). The data includes:
- application/json
- Schema
- Example (from schema)
Schema
The scopes associated with the access token, indicating the granted permissions.
The type of token issued. Typically, this will be Bearer
, indicating that the token is a bearer token, which must be sent in the Authorization
header when accessing protected resources.
The access token issued by the authorization server. This token is used to access protected resources.
The number of seconds for which the access token is valid. Once this time expires, the token must be refreshed or a new one must be obtained.
The ID token issued by the server, if applicable. This token contains identity-related information.
The refresh token, which can be used to obtain new access tokens without needing to re-authenticate. This field is included if the server supports token refreshing.
{
"scope": "openid email profile inspect",
"token_type": "Bearer",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJpbnRlZ3JhdGlvbi1kZXYtVk5aUXFEdDRIdiIsImV4cCI6MTcxNjQ2NjIxOCwianRpIjoiYjc4N2FiMTUtNDgxNS00MTFmLTkzYjctYzc5YWIxNWYwZDg3IiwiaWF0IjoxNzE1ODYxNDE4LCJpc3MiOiJTY3JlZW5pbmcgRWFnbGUgSUQiLCJzdWIiOiIxMzAyIiwic2NwIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUgaW5zcGVjdCIsInNjb3BlcyI6WyJ1c2VyIl0sInVzZXJJRCI6MTMwMiwidXNlclJlZ2lvbiI6IlNHIn0.zsN5ys3qdmcJmJwzZHR9c9LC92KPTh2-NaliF2eSHFc",
"expires_in": 604800,
"id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJpbnRlZ3JhdGlvbi1kZXYtVk5aUXFEdDRIdiIsImV4cCI6MTcxNjQ2NjIxOCwiaWF0IjoxNzE1ODYxNDE4LCJpc3MiOiJTY3JlZW5pbmcgRWFnbGUgSUQiLCJzdWIiOiIxMzAyIiwiZW1haWwiOiJ0ZXN0QHNjcmVlbmluZ2VhZ2xlLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiVGVzdCBVc2VyIiwiZmlyc3RfbmFtZSI6IlRlc3QiLCJsYXN0X25hbWUiOiJVc2VyIiwiY291bnRyeV9jb2RlIjoiU0ciLCJwaWN0dXJlIjoiaHR0cHM6Ly9pZC1kZXYuc2NyZWVuaW5nZWFnbGUuY29tL2FwaS92MS91c2VyLzEzMDIvcGljdHVyZS8iLCJ1cGRhdGVkX2F0IjoxNzI1ODQ2Mzc4fQ.rQrkAyINhdV9E8SFmXvZv8v6gmCpokgmVwZFDU_ox28",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJpbnRlZ3JhdGlvbi1kZXYtVk5aUXFEdDRIdiIsImV4cCI6MTcyMTQxMzUzOSwianRpIjoiY2YyNzdhMWUtYTRlNC00ODAzLTgzZmYtNDM5N2MzYzdhZWY0IiwiaWF0IjoxNzA1ODYxNTM5LCJpc3MiOiJTY3JlZW5pbmcgRWFnbGUgSUQiLCJzdWIiOiIxNDEzIiwic2NwIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUgb2ZmbGluZSJ9.IkZRvpIzQ5nr3xOhYWpEHrPkw0X-QWTHA75IAbM8ZLM"
}
400 Bad Request. The request is invalid. This may occur if required parameters are missing or invalid. Ensure that all required parameters are included and valid.
- application/json
- Schema
- Example (from schema)
Schema
A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.
A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.
{
"errorDescription": "permission denied",
"error": "Forbidden"
}
401 Unauthorized. Authentication is required and was not provided or is invalid. Ensure that the correct credentials or tokens are included in the request.
- application/json
- Schema
- Example (from schema)
Schema
A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.
A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.
{
"errorDescription": "permission denied",
"error": "Forbidden"
}
403 Forbidden. The client does not have permission to perform this action. This might happen if the client lacks the necessary privileges to interact with the specified entity.
- application/json
- Schema
- Example (from schema)
Schema
A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.
A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.
{
"errorDescription": "permission denied",
"error": "Forbidden"
}
404 Not Found. The specified entity does not exist. Verify that the reference given is correct and that the entity is available.
- application/json
- Schema
- Example (from schema)
Schema
A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.
A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.
{
"errorDescription": "permission denied",
"error": "Forbidden"
}
500 Internal Server Error. An error occurred on the server while processing the request. Retry the operation or contact support if the issue persists.
- application/json
- Schema
- Example (from schema)
Schema
A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.
A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.
{
"errorDescription": "permission denied",
"error": "Forbidden"
}