Using the Password Authorization Flow

Go Up to Obtaining Authorization to Use the API

The Password Authorization Flow allows client applications to use user credentials in exchange for an access token.

You must perform a GET request against http://teamserver.example.com/api/oauth/token providing the credentials of a Team Server user with permission to use the API. In your request, you must append the following query parameters to this URL:

The following is an example URL:

http://teamserver.example.com/api/oauth/token?username=username&password=password&client_id=6a2a39ba-9688-493d-b348-187468f599ae&client_secret=a28e0ca4-27cb-4361-bf97-3b26c612d66a&grant_type=password

Team Server responds in JSON format. The server response includes the following information:

{
    // Token to include in every API request to get access.
    "access_token": "d4ac0c07-0013-4939-b9ee-0112fdbb7d64",
    
    // Type of token. This is always "bearer".
    "token_type": "bearer",
    
    // Token that you can use to get a brand-new access token without further user interaction.
    "refresh_token": "bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb",
    
    // Number of seconds before the access token expires. Default value is 86400 (1 day).
    "expires_in": 86399,
    
    // Granted scope.
    "scope": "read write"
}

Note: If you get an error instead, check the OAuth 2.0 API troubleshooting information.

You can now start using the Team Server API, including the provided access token in every API request.

You obtain a refresh token as well as an access token. You can use that refresh token to obtain a new access token when your current access token expires.

See Also

• Obtaining an Access Token Using a Refresh Token
• Using the Web Server Authorization Flow
• Using the Embedded Web Browser Authorization Flow
• OAuth 2.0 API