Generate Auth Access Token

POST 
/api/id/v1/auth/token

This API endpoint allows clients to obtain OAuth 2.0 access tokens using the client_credentials grant type. The client must provide its client ID and client secret in the Authorization header, using the Basic authentication scheme. The generated access token can then be used to authenticate and access protected resources within the system.

The request body must include the grant_type as client_credentials, and a scope parameter that defines the permissions being requested. The API will return an access token, along with optional tokens such as an ID token or a refresh token if supported.

This endpoint is used for machine-to-machine authentication, where no user interaction is required. The tokens generated can be used to access APIs securely, ensuring that the client is authorized for the requested scopes.

Request

Header Parameters

Authorization stringrequired

The Authorization header must include the client ID and client secret encoded in base64 using the format Basic base64(client_id:client_secret). This header is required to authenticate the client and obtain the OAuth 2.0 access token.

application/x-www-form-urlencoded

Body

required

grant_type stringrequired

Possible values: [client_credentials]

Specifies the OAuth 2.0 grant type being used. In this case, it must be client_credentials. This indicates that the client is using its own credentials to request an access token.

scope string

The scope of the access request. This parameter defines the permissions being requested for the access token. Multiple scopes can be requested, and they should be space-separated. For example, openid email profile inspect can be used to request access to basic identity information and profile data.

Responses

200

200 OK. The access token was successfully generated. The response contains the access token and, if applicable, additional tokens (e.g., refresh token or ID token). The data includes:

application/json

Schema

Schema

access_token string

The access token issued by the authorization server. This token is used to access protected resources.

expires_in integer

The number of seconds for which the access token is valid. Once this time expires, the token must be refreshed or a new one must be obtained.

id_token string

The ID token issued by the server, if applicable. This token contains identity-related information.

refresh_token string

The refresh token, which can be used to obtain new access tokens without needing to re-authenticate. This field is included if the server supports token refreshing.

scope string

The scopes associated with the access token, indicating the granted permissions.

token_type string

The type of token issued. Typically, this will be Bearer, indicating that the token is a bearer token, which must be sent in the Authorization header when accessing protected resources.

Example (from schema)

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJpbnRlZ3JhdGlvbi1kZXYtVk5aUXFEdDRIdiIsImV4cCI6MTcxNjQ2NjIxOCwianRpIjoiYjc4N2FiMTUtNDgxNS00MTFmLTkzYjctYzc5YWIxNWYwZDg3IiwiaWF0IjoxNzE1ODYxNDE4LCJpc3MiOiJTY3JlZW5pbmcgRWFnbGUgSUQiLCJzdWIiOiIxMzAyIiwic2NwIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUgaW5zcGVjdCIsInNjb3BlcyI6WyJ1c2VyIl0sInVzZXJJRCI6MTMwMiwidXNlclJlZ2lvbiI6IlNHIn0.zsN5ys3qdmcJmJwzZHR9c9LC92KPTh2-NaliF2eSHFc",
  "expires_in": 604800,
  "id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJpbnRlZ3JhdGlvbi1kZXYtVk5aUXFEdDRIdiIsImV4cCI6MTcxNjQ2NjIxOCwiaWF0IjoxNzE1ODYxNDE4LCJpc3MiOiJTY3JlZW5pbmcgRWFnbGUgSUQiLCJzdWIiOiIxMzAyIiwiZW1haWwiOiJ0ZXN0QHNjcmVlbmluZ2VhZ2xlLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiVGVzdCBVc2VyIiwiZmlyc3RfbmFtZSI6IlRlc3QiLCJsYXN0X25hbWUiOiJVc2VyIiwiY291bnRyeV9jb2RlIjoiU0ciLCJwaWN0dXJlIjoiaHR0cHM6Ly9pZC1kZXYuc2NyZWVuaW5nZWFnbGUuY29tL2FwaS92MS91c2VyLzEzMDIvcGljdHVyZS8iLCJ1cGRhdGVkX2F0IjoxNzI1ODQ2Mzc4fQ.rQrkAyINhdV9E8SFmXvZv8v6gmCpokgmVwZFDU_ox28",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJpbnRlZ3JhdGlvbi1kZXYtVk5aUXFEdDRIdiIsImV4cCI6MTcyMTQxMzUzOSwianRpIjoiY2YyNzdhMWUtYTRlNC00ODAzLTgzZmYtNDM5N2MzYzdhZWY0IiwiaWF0IjoxNzA1ODYxNTM5LCJpc3MiOiJTY3JlZW5pbmcgRWFnbGUgSUQiLCJzdWIiOiIxNDEzIiwic2NwIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUgb2ZmbGluZSJ9.IkZRvpIzQ5nr3xOhYWpEHrPkw0X-QWTHA75IAbM8ZLM",
  "scope": "openid email profile inspect",
  "token_type": "Bearer"
}

400

400 Bad Request. The request is invalid. This may occur if required parameters are missing or invalid. Ensure that all required parameters are included and valid.

application/json

Schema

Schema

errorDescription string

A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.

error string

A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.

Example (from schema)

{
  "errorDescription": "permission denied",
  "error": "Forbidden"
}

401

401 Unauthorized. Authentication is required and was not provided or is invalid. Ensure that the correct credentials or tokens are included in the request.

application/json

Schema

Schema

errorDescription string

A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.

error string

A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.

Example (from schema)

{
  "errorDescription": "permission denied",
  "error": "Forbidden"
}

403

403 Forbidden. The client does not have permission to perform this action. This might happen if the client lacks the necessary privileges to interact with the specified entity.

application/json

Schema

Schema

errorDescription string

A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.

error string

A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.

Example (from schema)

{
  "errorDescription": "permission denied",
  "error": "Forbidden"
}

404

404 Not Found. The specified entity does not exist. Verify that the reference given is correct and that the entity is available.

application/json

Schema

Schema

errorDescription string

A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.

error string

A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.

Example (from schema)

{
  "errorDescription": "permission denied",
  "error": "Forbidden"
}

500

500 Internal Server Error. An error occurred on the server while processing the request. Retry the operation or contact support if the issue persists.

application/json

Schema

Schema

errorDescription string

A detailed description of the error, providing more context or information about what went wrong. This is intended to help understand the cause of the error and how to resolve it.

error string

A code representing the specific error that occurred. This can be used to programmatically identify and handle the error.

Example (from schema)

{
  "errorDescription": "permission denied",
  "error": "Forbidden"
}

Loading...