Using the Password Authorization Flow

From TeamServer ER/Studio
Jump to: navigation, search

Go Up to Obtaining Authorization to Use the API

The Password Authorization Flow allows client applications to use user credentials in exchange for an access token.

You must perform a GET request against http://teamserver.example.com/api/oauth/token providing the credentials of a ER/Studio Team Server user with permission to use the API. In your request, you must append the following query parameters to this URL:

Item Example Description

username

username

The username of the user, encoded in UTF-8.

password

password

The password of the user, encoded in UTF-8.

client_id

6a2a39ba-9688-493d-b348-187468f599ae

The ID of your client application, as registered in the target ER/Studio Team Server installation.

client_secret

a28e0ca4-27cb-4361-bf97-3b26c612d66a

The secret of your client application, as registered in the target ER/Studio Team Server installation.

grant_type

password

The type of your access token request.

Provide the value password here, as your request to ER/Studio Team Server is for an access token in exchange for user credentials.

The following is an example URL:

http://teamserver.example.com/api/oauth/token?username=username&password=password&client_id=6a2a39ba-9688-493d-b348-187468f599ae&client_secret=a28e0ca4-27cb-4361-bf97-3b26c612d66a&grant_type=password

ER/Studio Team Server responds in JSON format. The server response includes the following information:

{
    // Token to include in every API request to get access.
    "access_token": "d4ac0c07-0013-4939-b9ee-0112fdbb7d64",
    
    // Type of token. This is always "bearer".
    "token_type": "bearer",
    
    // Token that you can use to get a brand-new access token without further user interaction.
    "refresh_token": "bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb",
    
    // Number of seconds before the access token expires. Default value is 86400 (7 days).
    "expires_in": 86399,
    
    // Granted scope.
    "scope": "read write"
}
Note: If you get an error instead, check the OAuth 2.0 API troubleshooting information.

You can now start using the ER/Studio Team Server API, including the provided access token in every API request.

You obtain a refresh token as well as an access token. You can use that refresh token to obtain a new access token when your current access token expires.

See Also

Personal tools
Next Version
Previous Versions
Product Family Wiki
Product Videos