Using the Password Authorization Flow

From TeamServer ER/Studio
Jump to: navigation, search

Go Up to Obtaining Authorization to Use the API

The Password Authorization Flow allows client applications to use user credentials in exchange for an access token.

You must perform a GET request against providing the credentials of a ER/Studio Team Server user with permission to use the API. In your request, you must append the following query parameters to this URL:

Item Example Description



The username of the user, encoded in UTF-8.



The password of the user, encoded in UTF-8.



The ID of your client application, as registered in the target ER/Studio Team Server installation.



The secret of your client application, as registered in the target ER/Studio Team Server installation.



The type of your access token request.

Provide the value password here, as your request to ER/Studio Team Server is for an access token in exchange for user credentials.

The following is an example URL:

ER/Studio Team Server responds in JSON format. The server response includes the following information:

    // Token to include in every API request to get access.
    "access_token": "d4ac0c07-0013-4939-b9ee-0112fdbb7d64",
    // Type of token. This is always "bearer".
    "token_type": "bearer",
    // Token that you can use to get a brand-new access token without further user interaction.
    "refresh_token": "bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb",
    // Number of seconds before the access token expires. Default value is 86400 (7 days).
    "expires_in": 86399,
    // Granted scope.
    "scope": "read write"
Note: If you get an error instead, check the OAuth 2.0 API troubleshooting information.

You can now start using the ER/Studio Team Server API, including the provided access token in every API request.

You obtain a refresh token as well as an access token. You can use that refresh token to obtain a new access token when your current access token expires.

See Also