POST /identity/connect/token

Allows an application to obtain an Access Token, which can be used to make API requests. Tokens received by this method should be cached and reused until they expire. All parameters should be sent in the request body using the “application/x-www-form-urlencoded” format.

Request

Parameter       Description                                                    Additional information
grant_type      Value must be set to “client_credentials”.                     Define this parameter in the body
scope           Value must be set to “api”.                                    Define this parameter in the body
client_id       Value must be set to “tenant-api”.                             Define this parameter in the body
client_secret   The client secret as defined by the appSetting ApiSecret.      Define this parameter in the body

Example

grant_type=client_credentials&scope=api&client_id=tenant-api&client_secret={ApiSecret}

Alternatively, you can pass the client_id and client_secret in the Authorization header via Basic Authentication.

When providing the client_id and client_secret in the Authorization header, the value is expected to be client_id:client_secret, Base64 encoded:

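using System;
using System.Text;

var clientId = "...";
var clientSecret = "...";

// Basic authentication credentials: "client_id:client_secret" as UTF-8 bytes, Base64 encoded.
var encoding = Encoding.UTF8;
var credentials = string.Format("{0}:{1}", clientId, clientSecret);

// Sent as: Authorization: Basic {headerValue}
var headerValue = Convert.ToBase64String(encoding.GetBytes(credentials));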

Response

If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token as described in Section 5.1 of RFC 6749. If the request failed client authentication or is invalid, the authorization server returns an error response as described in Section 5.2 of RFC 6749.

Example

{
  "access_token":"nSC8mSjBuqiJ5QzZ2UnOPf7L4KP5171YghoKinBMZTVeJR3H0fMNuLDqd4FHahTou7ShzO8Bur3S9Wv36hJ6NYTY9TLzSeNbOooQdWtuNpvETFibCzRWO2SwNqzPYldzdS2yPTINrZVxhQzRxaqMKGY5S3EyVMnqwjua1h6Q6hG51pXeJT0MYBRRNiUKU-HNH-MtBwEtLV0FPAItOzelHuJ0DNKBg9XkpIfLhCjogZkK6NfW8Y7bwxsBO5bNbYshGOWVrba9GBgG98EGTyrymvBp7YxsDIxWVQ6ylatHc2A",
  "token_type":"bearer",
  "expires_in":3600
}
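
The following is an added example, not part of the original documentation, showing one way to cache the token and reuse it until it expires, using the request parameters and response fields documented above. The class name CachedTokenClient, the tokenUrl parameter and the 60-second refresh margin are assumptions, and System.Text.Json is assumed to be available.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Added example: requests a token once and reuses it until shortly before expiry.
public sealed class CachedTokenClient
{
    private readonly HttpClient _http;
    private readonly string _tokenUrl;   // assumption: https://{host}/identity/connect/token (TLS, the secret is in the body)
    private readonly string _apiSecret;  // the ApiSecret value; load it from protected configuration, do not hard-code it
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _token;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    public CachedTokenClient(HttpClient http, string tokenUrl, string apiSecret)
    { _http = http; _tokenUrl = tokenUrl; _apiSecret = apiSecret; }

    public async Task<string> GetTokenAsync()
    {
        await _gate.WaitAsync();  // one refresh at a time, so concurrent callers share a single request
        try
        {
            // Reuse the cached token; refresh 60 s early (assumed margin) to absorb clock skew and latency.
            if (_token != null && DateTimeOffset.UtcNow < _expiresAt - TimeSpan.FromSeconds(60))
                return _token;

            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["scope"] = "api",
                ["client_id"] = "tenant-api",
                ["client_secret"] = _apiSecret,
            });
            var requestedAt = DateTimeOffset.UtcNow;  // measure lifetime from before the round trip
            using var response = await _http.PostAsync(_tokenUrl, form);
            response.EnsureSuccessStatusCode();       // throws on error responses instead of caching them

            using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            var root = doc.RootElement;
            _token = root.GetProperty("access_token").GetString();
            _expiresAt = requestedAt.AddSeconds(root.GetProperty("expires_in").GetInt32());
            return _token;
        }
        finally { _gate.Release(); }
    }
}
```

Keep the token in memory only and out of logs and exception messages; anyone holding it can call the API until it expires.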