Using the Password Authorization Flow

From TeamServer ER/Studio
Jump to: navigation, search

Go Up to Obtaining Authorization to Use the API

The Password Authorization Flow allows client applications to use user credentials in exchange for an access token.

You must perform a GET request against providing the credentials of a Team Server user with permission to use the API. In your request, you must append the following query parameters to this URL:

Item Example Description



The username of the user, encoded in UTF-8.



The password of the user, encoded in UTF-8.



The ID of your client application, as registered in the target Team Server installation.



The secret of your client application, as registered in the target Team Server installation.



The type of your access token request.

Provide the value password here, as your request to Team Server is for an access token in exchange for user credentials.

The following is an example URL:

Team Server responds in JSON format. The server response includes the following information:

    // Token to include in every API request to get access.
    "access_token": "d4ac0c07-0013-4939-b9ee-0112fdbb7d64",
    // Type of token. This is always "bearer".
    "token_type": "bearer",
    // Token that you can use to get a brand-new access token without further user interaction.
    "refresh_token": "bcd5a78c-9f0a-4ba6-9baa-5872e5acf7bb",
    // Number of seconds before the access token expires. Default value is 86400 (1 day).
    "expires_in": 86399,
    // Granted scope.
    "scope": "read write"
Note: If you get an error instead, check the OAuth 2.0 API troubleshooting information.

You can now start using the Team Server API, including the provided access token in every API request.

You obtain a refresh token as well as an access token. You can use that refresh token to obtain a new access token when your current access token expires.

See Also