1. Oracle Hospitality Cruise REST API
  2. Tasks
  3. Authentication

Generate OAuth token

post

/spms/access/token

Generates/refreshes an Oauth token

operationId: authentication

Generating Token:
Uses the password grant (flow) mechanism. That is, it is designed to be used with applications that the system trusts. See: https://oauth.net/2/grant-types/password for the flow. In this call, you provide the username/password this POST supplies the OAUTH JSON token in return which you then supply to all calls in the authorization header field as a bearer token.

Refresh Token mode:
Allows you to get a new token using the refresh token instead of user/password. Use this to get an token when the application has a JWT token and it wants to extend access to the APIS without prompting the user for their user/password

Request

Supported Media Types
Body ()
Root Schema : oAuthGrantRequest
Type: object
Show Source
  • Pattern: ^[a-zA-Z0-9 ]+?$
    Client's public identifier, indicates which client or application is performing the request. This field is mandatory.
    Example: clientid
  • Pattern: password|refresh_token
    Indicate the request type of OAuth grant. + `password` - for login use, require `username`, `password` and `client_id`. + `refresh_token` - to extend the current login session, require `client_id` and `refresh_token`.
    Example: <PASSWORD>
  • Pattern: ^[a-zA-Z0-9 _,\\?/\\.\\-\\\\+\\*\n~!@#$%&{}\\[\\]()=<>\\|\\^\\":;@`]*$
    Your password. Mandatory for `password` grant type request.
    Example: <PASSWORD>
  • Pattern: ^[A-Za-z0-9-_.]+$
    Refresh token obtained from login authorization. Mandatory for `refresh_token` grant_type.
    Example: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg
  • Pattern: ^[A-Za-z0-9-_.]{2,20}$
    Your user name. Mandatory for `password` grant type request.
    Example: <UserName>
Back to Top

Response

Supported Media Types

200 Response

Successful - Username/password correct and token returned.
Body ()
Root Schema : schema
Type: object
Show Source
  • Pattern: ^[A-Za-z0-9-_.]+$
    An authorization token for clients to send in API requests.
    Example: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiZXhwIjoxNTY4NzMwMTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI1MjVhOTM3My1mMGE4LTQzNzctOTNkNy03ZDllMDBlMjMwYjUiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.T97KAuIlw0hEwG6t8s7SlZo8A9C0wVH5m9RzUAQacWwE4EV_wAPdrYnjHTbTdhnyHhVE4amxm8za3VSBG9IakG2ij5nqcg4Nq-MkRbDsyh-e7AMOSu9ZCnw6JfwVconRqJwDVgiR0IA83ZqgiC5h31vuXY7PUmpdxQ-6Lc1wynA_lWoGthevhTCVJWXIprum68CdvH6D-DAUK4p1fzPL20Q-cR0pQmkEiE-RMmEtglCqknsIPsVzB_Yz7B7n5ECuHtcuFME4VZSZcydXN1x0vZsqPINH4QBW0-PNDO9Zk1iWEGiRml_Ccc914b4yAVlhyCG77X5lmB1DUTNjla88Kw
  • Minimum Value: 0
    The remaining time in seconds before the token expires.
    Example: 3599
  • Pattern: ^[A-Za-z0-9-_.]+$
    Unique Id for the token. Not used in SPMS but returned from completeness.
    Example: 525a9373-f0a8-4377-93d7-7d9e00e230b5
  • Pattern: ^[A-Za-z0-9-_.]+$
    Organization of the user.
    Example: COMPANY
  • Pattern: ^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$
    A token to be used to retrieve a new access token.
    Example: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg
  • Scope of use of this token.
  • Pattern: bearer
    The type of token returned. Currently always return `bearer`.
    Example: bearer
Example Response (application/json)
{
    "access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiZXhwIjoxNTY4NzMwMTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI1MjVhOTM3My1mMGE4LTQzNzctOTNkNy03ZDllMDBlMjMwYjUiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.T97KAuIlw0hEwG6t8s7SlZo8A9C0wVH5m9RzUAQacWwE4EV_wAPdrYnjHTbTdhnyHhVE4amxm8za3VSBG9IakG2ij5nqcg4Nq-MkRbDsyh-e7AMOSu9ZCnw6JfwVconRqJwDVgiR0IA83ZqgiC5h31vuXY7PUmpdxQ-6Lc1wynA_lWoGthevhTCVJWXIprum68CdvH6D-DAUK4p1fzPL20Q-cR0pQmkEiE-RMmEtglCqknsIPsVzB_Yz7B7n5ECuHtcuFME4VZSZcydXN1x0vZsqPINH4QBW0-PNDO9Zk1iWEGiRml_Ccc914b4yAVlhyCG77X5lmB1DUTNjla88Kw",
    "token_type":"bearer",
    "refresh_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg",
    "expires_in":3599,
    "scope":"All",
    "organization":"COMPANY",
    "jti":"525a9373-f0a8-4377-93d7-7d9e00e230b5"
}

400 Response

Bad Request
Body ()
Root Schema : schema
Type: object
Show Source
  • Pattern: ^[A-Za-z0-9-_.]+$
    Code representing the reason why the attempt to authenticate the user failed.
    Example: invalid_grant
  • Pattern: ^[A-Za-z0-9-_.]+$
    Short human readable description of why the attempt to authenticate failed.
    Example: Bad credentials
Example Response (application/json)
{
    "error":"invalid_grant",
    "error_description":"Bad credentials"
}

401 Response

Unauthorized
Body ()
Root Schema : schema
Match All
Show Source
Example:
{
    "type":"HTTP://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2",
    "title":"Unauthorized",
    "detail":"Valid token is required to access this resource"
}
Nested Schema : Error Response
Type: object
Title: Error Response
Error Response returned when encountered error
Show Source

403 Response

Forbidden
Body
Example Response (application/json)
{
    "error":"access_denied",
    "error_description":"The user has been locked out for 30 mins"
}

500 Response

Internal Server Error
Body ()
Root Schema : schema
Type: object
Show Source
  • Pattern: ^[A-Za-z0-9-_.]+$
    Code representing the reason why the attempt to authenticate the user failed.
    Example: server_error
  • Pattern: ^[A-Za-z0-9-_.]+$
    Short human readable description of why the attempt to authenticate failed.
    Example: Internal Server Error
Example Response (application/json)
{
    "error":"server_error",
    "error_description":"Internal Server Error"
}
Back to Top