Get an access token



This operation authenticates the calling application and retrieves the access token.


Supported Media Types
Form Parameters
  • The JWT assertion token. This field contains the assertion token only when the grant_type is 'urn:ietf:params:oauth:grant-type:jwt-bearer'.

    The JWT assertion token structure is as follows:

    • Header: The header should contain 'alg' field set to 'RS256'. For example, { "alg" : "RS256" }.
    • Payload: The payload should contain the following fields:
      • "iss" - the name of the person who issued the assertion token. This field is only for information/logging purposes and is not used for validation.
      • "aud" - the audience for the assertion token. It is a string composed of three parts delimited by colon. The first part of the string is always 'ofsc', the second part is the Oracle Field Service Cloud instance name, and the third part is the Application ID. For example, "ofsc:bestcustomer:best_mobile_app".
      • "sub" - the subject of the assertion token. It can either be equal to "aud" (if we perform the call as application, not as a Oracle Field Service Cloud user), or it can be equal to the "login" field of an Oracle Field Service Cloud user that you want to authorize to call the REST APIs.
      • "iat" - the UNIX timestamp when the assertion was issued.
      • "exp" - the UNIX timestamp when the assertion expires. The "exp" time should be kept short, for example, a minute or a few minutes.

      The following is an example JWT assertion token that you can copy-paste to to see the fields:


  • The type of the authentication. The allowed values are:
    • 'client_credentials' - HTTP Basic authentication is used to authenticate the calling application. The 'client_id' and 'client_secret' are used as the credentials.
    • 'urn:ietf:params:oauth:grant-type:jwt-bearer' - JWT Assertion token is used to authenticate the calling application.
    Allowed Values: [ "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer" ]
  • If the value of this parameter adds an additional claim to the access token returned in response with the same name and value. The 'ofsc_dynamic_scope' parameter and the claim have the URL format with optional query parameters. The claim applies the following restrictions to the requests:
    • endpoint: OFSC REST API rejects the token with HTTP 401 status code, if it is used to call a different endpoint other than the one specified in 'ofsc_dynamic_scope' claim.
    • query fields: OFSC REST API rejects the request with HTTP 401 status code, if the request URL does not contain all the query parameters specified in the 'ofsc_dynamic_scope' claim.
    • query values: OFSC REST API rejects the request with HTTP 401 status code, if all the query parameter values specified in the request URL do not match the query parameter values of the 'ofsc_dynamic_scope' claim.

    Multiple URLs can be specified in this parameter and claim. The URLs must be separated by a single space.

    In the following cURL command example, the value of the 'ofsc_dynamic_scope' parameter is set to "https://<instance_name>" (value is URL-encoded in the command) curl -u 'client_id@instance_name:client_secret' -X POST --url 'https://<instance_name>' -d 'grant_type=client_credentials' -d 'ofsc_dynamic_scope=https%3A%2F%2F<instance_name>'

Back to Top


Supported Media Types

200 Response

This section describes the 200 status response for this operation.
Body ()
Root Schema : schema
Type: object
Show Source

Default Response

This section describes the default error response for this operation.
Body ()
Root Schema : Error
Type: object
Error response
Show Source
Back to Top


The following example shows how to fetch an access token by submitting a POST request on the REST resource:

cURL Command Example

-d 'grant_type=client_credentials' \

Response Body Example

The following shows an example of the response body in JSON format.

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
    "access_token": "eyJ0eXAiOiJ...SKIP...Atbt71aUa_Qmy98w",
    "token_type": "bearer",
    "expires_in": 3600
Back to Top