Authentication
Overview
Authentication is OAuth-based and uses bearer tokens.
Endpoint Summary
| Method | Route | Purpose |
|---|---|---|
| POST | /v2.3/oauth/token | Obtain an access token (password or refresh_token grant) |
| POST | /v2.3/oauth/revoke | Revoke access token or refresh token |
POST /v2.3/oauth/token
Obtain an access token.
Headers
| Header | Required | Value |
|---|---|---|
| Content-Type | Yes | application/json |
| Accept | Yes | application/json |
Request Body Fields
| Field | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Supported values: password, refresh_token. |
| username | string | Conditional | Required when grant_type=password. |
| password | string | Conditional | Required when grant_type=password. |
| refresh_token | string | Conditional | Required when grant_type=refresh_token. |
Example Request (password grant)
curl -X POST "{{BASE_URL}}/v2.3/oauth/token" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "grant_type": "password",
    "username": "{{USERNAME}}",
    "password": "{{PASSWORD}}"
  }'
Example Request (refresh_token grant)
curl -X POST "{{BASE_URL}}/v2.3/oauth/token" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "grant_type": "refresh_token",
    "refresh_token": "{{REFRESH_TOKEN}}"
  }'
Success Response (200)
{
  "access_token": "<token>",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "<refresh_token>"
}
Response Fields
| Field | Type | Description |
|---|---|---|
| access_token | string | Access token used in Authorization: Bearer .... |
| token_type | string | Token type (Bearer). |
| expires_in | number | Token lifetime in seconds. |
| refresh_token | string | Refresh token used to obtain a new access token. |
Error Examples
401 Unauthorized
{
  "error": {
    "code": "invalid_credentials",
    "message": "Invalid username or password."
  }
}
422 Unprocessable Entity
{
  "error": {
    "code": "validation_error",
    "message": "The request payload is invalid.",
    "details": [
      {
        "field": "grant_type",
        "message": "The selected grant_type is invalid."
      }
    ]
  }
}
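Added example (not part of this API's documentation or any official SDK): client-side handling of the token endpoint's documented request and response shapes, with per-grant field validation, early expiry tracking, a redacted repr, and error-envelope parsing. The names `build_token_request`, `TokenState`, `parse_error`, the 60-second skew and the sample token values are assumptions made for illustration.

```python
import json
import time

# Conditional fields per grant_type, from the Request Body Fields table.
REQUIRED = {"password": ("username", "password"), "refresh_token": ("refresh_token",)}
# Constructed sample shaped like the documented 200 response (values are fake).
SAMPLE_OK = '{"access_token": "at-constructed", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "rt-constructed"}'


def build_token_request(grant_type, **fields):
    """Return the JSON body for POST /v2.3/oauth/token, validated client-side."""
    if grant_type not in REQUIRED:
        raise ValueError("unsupported grant_type")
    missing = [f for f in REQUIRED[grant_type] if not fields.get(f)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    # Send only the fields this grant needs, so a password never rides along on a refresh.
    return json.dumps({"grant_type": grant_type, **{f: fields[f] for f in REQUIRED[grant_type]}})


class TokenState:
    """Keeps tokens in memory and tracks expiry; repr never exposes secrets."""

    def __init__(self, response_text, now=None, skew=60):
        data = json.loads(response_text)
        if str(data.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        # Expire `skew` seconds early (assumed margin) to absorb clock drift and latency.
        self.expires_at = (time.time() if now is None else now) + int(data["expires_in"]) - skew

    def needs_refresh(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token}

    def refresh_request(self):
        return build_token_request("refresh_token", refresh_token=self.refresh_token)

    def __repr__(self):
        return "TokenState(access_token=<redacted>, expires_at=%d)" % self.expires_at


def parse_error(response_text):
    """Flatten the documented error envelope into (code, message, fields)."""
    err = json.loads(response_text).get("error", {})
    return err.get("code"), err.get("message"), [d.get("field") for d in err.get("details", [])]
```

Because `__repr__` is redacted, a `TokenState` that ends up in a log line or traceback does not leak either token.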
POST /v2.3/oauth/revoke
Revoke the current token context or provided token payload, depending on implementation policy.
Headers
| Header | Required | Value |
|---|---|---|
| Authorization | Yes | Bearer {{ACCESS_TOKEN}} |
| Content-Type | Yes | application/json |
| Accept | Yes | application/json |
Request Body
No request body is required.
Example Request
curl -X POST "{{BASE_URL}}/v2.3/oauth/revoke" \
  -H "Authorization: Bearer {{ACCESS_TOKEN}}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json"
Success Response (200)
{
  "message": "Token revoked successfully"
}
Error Examples
401 Unauthorized
{
  "error": {
    "code": "unauthorized",
    "message": "Authentication is required."
  }
}