Generate OAuth token
post
/spms/access/token
Generates or refreshes an OAuth token.
Uses the password grant (flow) mechanism; that is, it is designed to be used with applications that the system trusts. See https://oauth.net/2/grant-types/password for the flow. In this call you provide the username and password, and the POST returns the OAuth JSON token, which you then supply on all calls as a bearer token in the Authorization header field.
Refresh Token mode:
Allows you to get a new token using the refresh token instead of the username/password. Use this to get a token when the application has a JWT token and wants to extend access to the APIs without prompting the user for their username/password.
operationId: authentication
A cookie is attached to the response when a token is successfully generated using the `password` or `refresh_token` grant type.
The cookie must be sent with the request when generating a token (POST - access/token) using the `contactless` grant type.
The cookie expires when the cruise changes or on the date given in "Expires". The expiration date (Expires) of the cookie is one year after the date of generation.
Furthermore, the cookie is regenerated for every access token request (POST - access/token).
Example of cookie: Set-Cookie: key=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF; Expires=Wed, 21 Apr 2024 07:28:00 GMT; HTTPOnly; Path='/spms/access';
Request
Supported Media Types
- application/x-www-form-urlencoded
Root Schema : oAuthGrantRequest
Type:
object
-
client_id:
string
Pattern:
^[a-zA-Z0-9 ]+?$
Client's public identifier; indicates which client or application is performing the request. This field is mandatory. Example: <ClientId>
-
contactlessId:
string
Pattern:
^[a-zA-Z0-9]+?$
Card serial number. Mandatory for `contactless` grant type request. Example: <SerialNumber>
-
grant_type:
string
Pattern:
password|refresh_token|contactless
Indicates the request type of the OAuth grant.
+ `password` - for login use; requires `username`, `password` and `client_id`.
+ `refresh_token` - to extend the current login session; requires `client_id` and `refresh_token`.
+ `contactless` - for login using an RFID card; requires `contactlessId` and `client_id`.
Example: password
-
password:
string
Pattern:
^[a-zA-Z0-9 _,\\?/\\.\\-\\\\+\\*\n~!@#$%&{}\\[\\]()=<>\\|\\^\\":;@`]*$
Your password. Mandatory for `password` grant type request. Example: <Password>
-
refresh_token(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Refresh token obtained from login authorization. Mandatory for `refresh_token` grant_type.Example:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg
-
username:
string
Pattern:
^[A-Za-z0-9-_.]{2,20}$
Your user name. Mandatory for `password` grant type request. Example: <UserName>
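The request rules above (required fields per grant type, the documented field patterns, and the cookie that a `contactless` request must carry) can be enforced client-side before anything is sent. The following is an added example, not code from this API or its vendor; the function names and the sample user, client and card values are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode

# Field patterns and per-grant required fields, copied from the request schema above.
# `password` is sent as-is: its pattern is not re-checked client-side in this sketch.
PATTERNS = {
    "client_id": r"^[a-zA-Z0-9 ]+?$",
    "contactlessId": r"^[a-zA-Z0-9]+?$",
    "username": r"^[A-Za-z0-9-_.]{2,20}$",
    "refresh_token": r"^[A-Za-z0-9-_.]+$",
}
REQUIRED = {
    "password": ("username", "password", "client_id"),
    "refresh_token": ("client_id", "refresh_token"),
    "contactless": ("contactlessId", "client_id"),
}

def cookie_for_next_request(set_cookie):
    """Split a Set-Cookie value into the name=value pair to echo back and its attributes."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().strip("'\"") or True
    return parts[0], attrs

def build_token_request(grant_type, cookie=None, **fields):
    """Return (headers, body) for POST /spms/access/token; raise ValueError if invalid."""
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type: {grant_type!r}")
    needed = REQUIRED[grant_type]
    missing = [name for name in needed if not fields.get(name)]
    if missing:
        raise ValueError(f"{grant_type} grant is missing {missing}")
    for name in needed:
        if name in PATTERNS and not re.fullmatch(PATTERNS[name], fields[name]):
            raise ValueError(f"{name} does not match the documented pattern")
    if grant_type == "contactless" and not cookie:
        raise ValueError("contactless grant must carry the cookie from a prior token response")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if cookie:
        headers["Cookie"] = cookie
    # Credentials travel in the form-encoded body, never in the URL.
    body = urlencode({"grant_type": grant_type, **{n: fields[n] for n in needed}})
    return headers, body

# Cookie value taken from the example on this page; all other inputs are constructed.
SAMPLE_SET_COOKIE = ("key=" + "0123456789ABCDEF" * 4 +
                     "; Expires=Wed, 21 Apr 2024 07:28:00 GMT; HTTPOnly; Path='/spms/access';")
```

Because the cookie is regenerated on every token request, a client should replace its stored value after each successful response rather than reuse an older one.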
Response
Supported Media Types
- application/json
200 Response
Successful - Username/password correct and token returned.
Root Schema : schema
Type:
object
-
access_token:
string
Pattern:
^[A-Za-z0-9-_.]+$
An authorization token for clients to send in API requests.Example:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiZXhwIjoxNTY4NzMwMTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI1MjVhOTM3My1mMGE4LTQzNzctOTNkNy03ZDllMDBlMjMwYjUiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.T97KAuIlw0hEwG6t8s7SlZo8A9C0wVH5m9RzUAQacWwE4EV_wAPdrYnjHTbTdhnyHhVE4amxm8za3VSBG9IakG2ij5nqcg4Nq-MkRbDsyh-e7AMOSu9ZCnw6JfwVconRqJwDVgiR0IA83ZqgiC5h31vuXY7PUmpdxQ-6Lc1wynA_lWoGthevhTCVJWXIprum68CdvH6D-DAUK4p1fzPL20Q-cR0pQmkEiE-RMmEtglCqknsIPsVzB_Yz7B7n5ECuHtcuFME4VZSZcydXN1x0vZsqPINH4QBW0-PNDO9Zk1iWEGiRml_Ccc914b4yAVlhyCG77X5lmB1DUTNjla88Kw
-
expires_in:
number
Minimum Value:
0
The remaining time in seconds before the token expires. Example: 3600
-
jti:
string
Pattern:
^[A-Za-z0-9-_.]+$
Unique ID for the token. Not used in SPMS but returned for completeness. Example: 525a9373-f0a8-4377-93d7-7d9e00e230b5
-
organization:
string
Pattern:
^[A-Za-z0-9-_.]+$
Organization of the user. Example: COMPANY
-
refresh_token:
string
Pattern:
^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$
A token to be used to retrieve a new access token.Example:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg
-
scope:
string
Scope of use of this token.
-
token_type:
string
Pattern:
bearer
The type of token returned. Currently always returns `bearer`. Example: bearer
Example Response (application/json)
{
"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiZXhwIjoxNTY4NzMwMTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI1MjVhOTM3My1mMGE4LTQzNzctOTNkNy03ZDllMDBlMjMwYjUiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.T97KAuIlw0hEwG6t8s7SlZo8A9C0wVH5m9RzUAQacWwE4EV_wAPdrYnjHTbTdhnyHhVE4amxm8za3VSBG9IakG2ij5nqcg4Nq-MkRbDsyh-e7AMOSu9ZCnw6JfwVconRqJwDVgiR0IA83ZqgiC5h31vuXY7PUmpdxQ-6Lc1wynA_lWoGthevhTCVJWXIprum68CdvH6D-DAUK4p1fzPL20Q-cR0pQmkEiE-RMmEtglCqknsIPsVzB_Yz7B7n5ECuHtcuFME4VZSZcydXN1x0vZsqPINH4QBW0-PNDO9Zk1iWEGiRml_Ccc914b4yAVlhyCG77X5lmB1DUTNjla88Kw",
"token_type":"bearer",
"refresh_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3Btcy1vYXV0aDItcmVzb3VyY2UiXSwidXNlcl9uYW1lIjoiaGVsbG8iLCJzY29wZSI6WyJBbGwiXSwib3JnYW5pemF0aW9uIjoiaGVsbG9DTmpiIiwiYXRpIjoiNTI1YTkzNzMtZjBhOC00Mzc3LTkzZDctN2Q5ZTAwZTIzMGI1IiwiZXhwIjoxNTY4NzQ4MTI0LCJhdXRob3JpdGllcyI6WyJBRE1JTiJdLCJqdGkiOiI2MTMxYTljNy05YTc3LTRmYmMtYWQyZi01YWNkOTQzM2E4MjQiLCJjbGllbnRfaWQiOiJjbGllbnRpZCJ9.gkCMb1VreAmBDI51wYTfDVyaYQsbfgznNl1tb8hUEEpXsPm0ZlaTFynLr_VUFae6AbF1bHsktSMmpLc9jndIVHAJ3dIoV9vTtngf3XffGcS_HhzlyhHZSFiLb4zFXjFUFJ1WmBMK6FYLr3mBsta4nAI3q7jeF_QEC2rJFIr8z3sHTK0jJyDFXzwcnuNVPhLiuZ42qOatcxB4oA5n07JhJOCbA9dIyl4yVZkxvZR484lUOI32_i2EE0yx05xgwDIwNJMbdxo5WF99J6IWSJO17jLb3K9JzlBEcBqL7Sq4XoNBKJ7u2buDaWpxlgPh84gohT_8dqCKt8r7sKWwQDgyvg",
"expires_in":3600,
"scope":"All",
"organization":"COMPANY",
"jti":"525a9373-f0a8-4377-93d7-7d9e00e230b5"
}
400 Response
Bad Request
Root Schema : schema
Type:
object
-
error(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Code representing the reason why the attempt to authenticate the user failed. Example: invalid_grant
-
error_description(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Short human-readable description of why the attempt to authenticate failed. Example: Bad credentials
Example Response (application/json)
{
"error":"invalid_grant",
"error_description":"Bad credentials"
}
401 Response
Unauthorized
Root Schema : schema
Match All
-
object
Error Response
Title:
Error Response
Error response returned when an error is encountered.
Example:
{
"type":"HTTP://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2",
"title":"Unauthorized",
"detail":"Valid token is required to access this resource"
}
Nested Schema : Error Response
Type:
object
Title:
Error Response
Error response returned when an error is encountered.
403 Response
Forbidden
Example Response (application/json)
{
"error":"access_denied",
"error_description":"The user has been locked out for 30 mins"
}
500 Response
Internal Server Error
Root Schema : schema
Type:
object
-
error(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Code representing the reason why the attempt to authenticate the user failed. Example: server_error
-
error_description(optional):
string
Pattern:
^[A-Za-z0-9-_.]+$
Short human-readable description of why the attempt to authenticate failed. Example: Internal Server Error
Example Response (application/json)
{
"error":"server_error",
"error_description":"Internal Server Error"
}