Generate OAuth token
post
/spms/access/token
Generates/refreshes an Oauth token
Uses the password grant (flow) mechanism. That is, it is designed to be used with applications that the system trusts. See: https://oauth.net/2/grant-types/password for the flow. In this call, you provide the username/password this POST supplies the OAUTH JSON token in return which you then supply to all calls in the authorization header field as a bearer token.
Refresh Token mode:
Allows you to get a new token using the refresh token instead of user/password. Use this to get an token when the application has a JWT token and it wants to extend access to the APIS without prompting the user for their user/password
operationId: authentication
Generating Token:Uses the password grant (flow) mechanism. That is, it is designed to be used with applications that the system trusts. See: https://oauth.net/2/grant-types/password for the flow. In this call, you provide the username/password this POST supplies the OAUTH JSON token in return which you then supply to all calls in the authorization header field as a bearer token.
Refresh Token mode:
Allows you to get a new token using the refresh token instead of user/password. Use this to get an token when the application has a JWT token and it wants to extend access to the APIS without prompting the user for their user/password
Request
Supported Media Types
- application/x-www-form-urlencoded
Root Schema : oAuthGrantRequest
Type:
Show Source
object
-
grant_type:
string
Pattern:
password|refresh_token
Name of the oauth grant. Only accepts password in this version when generating a new token for the first time. Use refresh_token if you want to refresh the token using the 'refresh_token' returned in a previous call.Example:<PASSWORD>
-
password(optional):
string
Pattern:
^[a-zA-Z0-9 _,\\?/\\.\\-\\\\+\\*\n~!@#$%&{}\\[\\]()=<>\\|\\^\\":;@`]*$
The password of the user you are trying to gain an authentication token for. Note this is mandatory if you are requesting a token via the password grant_typeExample:<PASSWORD>
-
refresh_token(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Refresh token returned in the original password grant_type. Used to get a new token using this refresh token. Note this is mandatory if you are requesting a token via the refresh_token grant_typeExample:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg
-
username(optional):
string
Pattern:
^[A-Za-z0-9-_.]{2,20}$
User name you are trying to gain an authentication token for. Note this is mandatory if you are requesting a token via the password grant_typeExample:<UserName>
Response
Supported Media Types
- application/json
200 Response
Successful - Username/password correct and token returned.
Root Schema : schema
Type:
Show Source
object
-
access_token:
string
Pattern:
^[A-Za-z0-9-_.]+$
JWT based token which you add to the authorization header of every call to the API. See https://jwt.io for detailsExample:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiZXhwIjoxNTY4NzMwMTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI1MjVhOTM3My1mMGE4LTQzNzctOTNkNy03ZDllMDBlMjMwYjUiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.T97KAuIlw0hEwG6t8s7SlZo8A9C0wVH5m9RzUAQacWwE4EV_wAPdrYnjHTbTdhnyHhVE4amxm8za3VSBG9IakG2ij5nqcg4Nq-MkRbDsyh-e7AMOSu9ZCnw6JfwVconRqJwDVgiR0IA83ZqgiC5h31vuXY7PUmpdxQ-6Lc1wynA_lWoGthevhTCVJWXIprum68CdvH6D-DAUK4p1fzPL20Q-cR0pQmkEiE-RMmEtglCqknsIPsVzB_Yz7B7n5ECuHtcuFME4VZSZcydXN1x0vZsqPINH4QBW0-PNDO9Zk1iWEGiRml_Ccc914b4yAVlhyCG77X5lmB1DUTNjla88Kw
-
expires_in:
number
Minimum Value:
0
The number of seconds before the token expires (e.g 3600 is 1 hour)Example:3599
-
jti:
string
Pattern:
^[A-Za-z0-9-_.]+$
Unique Id for the token. Not used in SPMS but returned from completeness. See https://tools.ietf.org/html/rfc7519#section-4.1.7Example:525a9373-f0a8-4377-93d7-7d9e00e230b5
-
organization:
string
Pattern:
^[A-Za-z0-9-_.]+$
Organization of the user belongs to (for information purposes)Example:COMPANY
-
refresh_token:
string
Pattern:
^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$
Call the refreshed API URL with this token to retrieve a brand new token with a new expiry time.Example:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg
-
scope:
string
Scope of use of this token. The definition of scope can be found in https://tools.ietf.org/html/rfc6749#section-3.3 Informally, scope is a set of rights granted to this token (not the rights of the user)
-
token_type:
string
Pattern:
bearer
Always bearer, meaning you should supply this token as bearer in the authorization header field. Informally, Bearer means that the user (bearer) of the token as the access rights attributed by the JWT tokenExample:bearer
Example Response (application/json)
{
"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiZXhwIjoxNTY4NzMwMTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI1MjVhOTM3My1mMGE4LTQzNzctOTNkNy03ZDllMDBlMjMwYjUiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.T97KAuIlw0hEwG6t8s7SlZo8A9C0wVH5m9RzUAQacWwE4EV_wAPdrYnjHTbTdhnyHhVE4amxm8za3VSBG9IakG2ij5nqcg4Nq-MkRbDsyh-e7AMOSu9ZCnw6JfwVconRqJwDVgiR0IA83ZqgiC5h31vuXY7PUmpdxQ-6Lc1wynA_lWoGthevhTCVJWXIprum68CdvH6D-DAUK4p1fzPL20Q-cR0pQmkEiE-RMmEtglCqknsIPsVzB_Yz7B7n5ECuHtcuFME4VZSZcydXN1x0vZsqPINH4QBW0-PNDO9Zk1iWEGiRml_Ccc914b4yAVlhyCG77X5lmB1DUTNjla88Kw",
"token_type":"bearer",
"refresh_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg",
"expires_in":3599,
"scope":"All",
"organization":"COMPANY",
"jti":"525a9373-f0a8-4377-93d7-7d9e00e230b5"
}
400 Response
Bad Request
Root Schema : schema
Type:
Show Source
object
-
error(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Code representing the reason why the attempt to authenticate the user failed.Example:invalid_grant
-
error_description(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Short human readable description of why the attempt to authenticate failed.Example:Bad credentials
Example Response (application/json)
{
"error":"invalid_grant",
"error_description":"Bad credentials"
}
401 Response
Unauthorized
Root Schema : schema
Match All
Show Source
-
object
Error Response
Title:
Error Response
Error Response returned when encountered error
Example:
{
"type":"HTTP://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2",
"title":"Unauthorized",
"detail":"Valid token is required to access this resource"
}
Nested Schema : Error Response
Type:
object
Title:
Error Response
Error Response returned when encountered error
Show Source
500 Response
Internal Server Error
Root Schema : schema
Type:
Show Source
object
-
error(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Code representing the reason why the attempt to authenticate the user failed.Example:server_error
-
error_description(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Short human readable description of why the attempt to authenticate failed.Example:Internal Server Error
Example Response (application/json)
{
"error":"server_error",
"error_description":"Internal Server Error"
}