Using the Password Authorization Flow

From Connect
Jump to: navigation, search

Go Up to Obtaining Authorization to Use the API

The Password Authorization Flow allows client applications to use user credentials in exchange for an access token.

You must perform a GET request against providing the credentials of a Embarcadero Connect user with permission to use the API. In your request, you must append the following query parameters to this URL:

Item Example Description



The username of the user, encoded in UTF-8.



The password of the user, encoded in UTF-8.



The ID of your client application, as registered in the target Embarcadero Connect installation.



The secret of your client application, as registered in the target Embarcadero Connect installation.



The type of your access token request.

Provide the value password here, as your request to Embarcadero Connect is for an access token in exchange for user credentials.

The following is an example URL:

Embarcadero Connect responds in JSON format. The server response includes the following information:

    // Token to include in every API request to get access.
    "access_token": "d4ac0c07-0013-4939-b9ee-0112fdbb7d64",
    // Type of token. This is always "bearer".
    "token_type": "bearer",
    // Token that you can use to get a brand-new access token without further user interaction.
    "refresh_token": "bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb",
    // Number of seconds before the access token expires. Default value is 86400 (7 days).
    "expires_in": 86399,
    // Granted scope.
    "scope": "read write"
Note: If you get an error instead, check the OAuth 2.0 API troubleshooting information.

You can now start using the Embarcadero Connect API, including the provided access token in every API request.

You obtain a refresh token as well as an access token. You can use that refresh token to obtain a new access token when your current access token expires.

See Also