ObjectsGrid
  • Documentation
    • Core Concepts
    • Usage Guide
      • Quick Start
      • Authentication and Authorization
      • Access Control via ABAC
      • GraphQL API Examples
      • Login with Google app setup
    • OBJECTS GRID Objects
      • Generic Object
        • GenericObjects REST API
      • ProductCatalog Object
      • ProductGroup Object
      • Product Object
      • Meta Object
      • Tags Object
    • Private Objects
      • Auth
        • Tokens REST API
      • ABAC Policy
        • ABACPolicies REST API
      • Organization Account
        • OrganizationAccounts REST API
      • User Account
        • UserAccounts REST API
      • Service Account
        • ServiceAccounts REST API
      • Access Logging
        • AccessLogEntries REST API
  • Support
    • Terms and Conditions
  • Blogs
    • Attribute Based Access Control
    • ABAC vs RBAC
Powered by GitBook
On this page

Was this helpful?

  1. Documentation
  2. Private Objects
  3. Auth

Tokens REST API

Tokens REST API documentation and interactive testing.

PreviousAuthNextABAC Policy

Last updated 25 days ago

Was this helpful?

For the document use this link:

OpenAPI Specification
https://apis.objectsgrid.com/oauth2/token/contract
  • POSTCreate a new Access Token for an User Account
  • POSTCreate a new Access Token for a Service Account
  • POSTCreate a new Access Token for an Anonymous Account
  • POSTRefresh Access Token using a Refresh Token
  • POSTRevoke a Refresh Token (Administrators only)

Create a new Access Token for an User Account

post
Header parameters
X-ObjectsGrid-AccessPointstring · enumrequired

EU or US depending on where your Organization Account is located

Available options:
Body
grant_typestring · enumrequired

OAuth2 required attribute, do not change the 'urn:ietf:params:oauth:grant-type:token-exchange' value

Available options:
subject_tokenstringrequired

Your ID Token that you obtained from the external Identity Provider (Google, Facebook, Okta)

subject_token_typestring · enumrequired

OAuth2 required attribute, do not change the 'urn:ietf:params:oauth:token-type:id_token' value

Available options:
client_idstringrequired

Your Organization Account ID. The attribute name 'client_id' is required for OAuth2 standard compliance, but for this use case it really is organization account id.

Responses
application/json
application/json
application/json
application/json
application/json
post
curl -L \
  --request POST \
  --url 'https://apis.objectsgrid.com/oauth2/token/useraccount' \
  --header 'X-ObjectsGrid-AccessPoint: EU' \
  --header 'Content-Type: application/json' \
  --data '{
    "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
    "subject_token": "text",
    "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
    "client_id": "text"
  }'
201
400
401
427
500
{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Successfully created the organization account

Create a new Access Token for a Service Account

post
Authorizations
Header parameters
X-ObjectsGrid-AccessPointstring · enumrequired

EU or US depending on where your Organization Account is located

Available options:
Body
grant_typestring · enumrequired

OAuth2 required attribute, do not change the 'client_credentials' value

Available options:
Responses
application/json
application/json
application/json
application/json
application/json
post
curl -L \
  --request POST \
  --url 'https://apis.objectsgrid.com/oauth2/token/serviceaccount' \
  --header 'Authorization: Basic username:password' \
  --header 'X-ObjectsGrid-AccessPoint: EU' \
  --header 'Content-Type: application/json' \
  --data '{
    "grant_type": "client_credentials"
  }'
201
400
401
427
500
{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Successfully created the organization account

Create a new Access Token for an Anonymous Account

post
Authorizations
Header parameters
X-ObjectsGrid-AccessPointstring · enumrequired

EU or US depending on where your Organization Account is located

Available options:
Body
grant_typestring · enumrequired

OAuth2 required attribute, do not change the 'client_credentials' value

Available options:
Responses
application/json
application/json
application/json
application/json
application/json
post
curl -L \
  --request POST \
  --url 'https://apis.objectsgrid.com/oauth2/token/anonymous' \
  --header 'Authorization: Basic username:password' \
  --header 'X-ObjectsGrid-AccessPoint: EU' \
  --header 'Content-Type: application/json' \
  --data '{
    "grant_type": "client_credentials"
  }'
201
400
401
427
500
{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Successfully created the organization account

Refresh Access Token using a Refresh Token

post
Authorizations
Header parameters
X-ObjectsGrid-AccessPointstring · enumrequired

EU or US depending on where your Organization Account is located

Available options:
Body
refresh_tokenstringrequired

The refresh token you previously obtained in a Create Access Token request

grant_typestring · enumrequired

OAuth2 required attribute, do not change the 'refresh_token' value

Available options:
Responses
application/json
application/json
application/json
application/json
application/json
post
curl -L \
  --request POST \
  --url 'https://apis.objectsgrid.com/oauth2/token/refresh' \
  --header 'Authorization: Bearer Bearer JWT' \
  --header 'X-ObjectsGrid-AccessPoint: EU' \
  --header 'Content-Type: application/json' \
  --data '{
    "refresh_token": "text",
    "grant_type": "refresh_token"
  }'
201
400
401
427
500
{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Successfully refreshed token

Revoke a Refresh Token (Administrators only)

post
Authorizations
Header parameters
X-ObjectsGrid-AccessPointstring · enumrequired

EU or US depending on where your Organization Account is located

Available options:
Body
tokenstringrequired

The refresh token to revoke

token_type_hintstring · enumrequired

OAuth2 required attribute, do not change the 'refresh_token' value

Available options:
Responses
application/json
application/json
application/json
application/json
post
curl -L \
  --request POST \
  --url 'https://apis.objectsgrid.com/oauth2/token/revoke' \
  --header 'Authorization: Bearer Bearer JWT' \
  --header 'X-ObjectsGrid-AccessPoint: EU' \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "text",
    "token_type_hint": "refresh_token"
  }'
200
400
401
427
500
No Content

Successfully revoked token or token already revoked. No response body returned.