Tokens REST API

Tokens REST API documentation and interactive testing.


The OpenAPI specification document is available at this link:

https://apis.objectsgrid.com/oauth2/token/contract

  • POST Create a new Access Token for a User Account
  • POST Create a new Access Token for a Service Account
  • POST Create a new Access Token for an Anonymous Account
  • POST Refresh Access Token using a Refresh Token
  • POST Revoke a Refresh Token (Administrators only)

Create a new Access Token for a User Account

Header parameters
  • X-ObjectsGrid-AccessPoint (string, enum, required): EU or US, depending on where your Organization Account is located.

Body
  • grant_type (string, enum, required): OAuth2 required attribute; do not change the 'urn:ietf:params:oauth:grant-type:token-exchange' value.
  • subject_token (string, required): Your ID Token that you obtained from the external Identity Provider (Google, Facebook, Okta).
  • subject_token_type (string, enum, required): OAuth2 required attribute; do not change the 'urn:ietf:params:oauth:token-type:id_token' value.
  • client_id (string, required): Your Organization Account ID. The attribute name 'client_id' is required for OAuth2 standard compliance, but in this use case it carries the Organization Account ID.

Responses
  • 201: Successfully created the organization account (application/json)
  • 400: Bad request (application/json)
  • 401: Unauthorized (application/json)
  • 427: Too Many Requests (application/json)
  • 500: Internal server error (application/json)

Example request:

POST /oauth2/token/useraccount HTTP/1.1
Host: apis.objectsgrid.com
X-ObjectsGrid-AccessPoint: EU
Content-Type: application/json
Accept: */*
Content-Length: 171

{
  "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
  "subject_token": "text",
  "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
  "client_id": "text"
}

Example response:

{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Create a new Access Token for a Service Account

Authorization: required; the example request uses HTTP Basic.

Header parameters
  • X-ObjectsGrid-AccessPoint (string, enum, required): EU or US, depending on where your Organization Account is located.

Body
  • grant_type (string, enum, required): OAuth2 required attribute; do not change the 'client_credentials' value.

Responses
  • 201: Successfully created the organization account (application/json)
  • 400: Bad request (application/json)
  • 401: Unauthorized (application/json)
  • 427: Too Many Requests (application/json)
  • 500: Internal server error (application/json)

Example request:

POST /oauth2/token/serviceaccount HTTP/1.1
Host: apis.objectsgrid.com
Authorization: Basic <base64(username:password)>
X-ObjectsGrid-AccessPoint: EU
Content-Type: application/json
Accept: */*
Content-Length: 35

{
  "grant_type": "client_credentials"
}

Example response:

{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Create a new Access Token for an Anonymous Account

Authorization: required; the example request uses HTTP Basic.

Header parameters
  • X-ObjectsGrid-AccessPoint (string, enum, required): EU or US, depending on where your Organization Account is located.

Body
  • grant_type (string, enum, required): OAuth2 required attribute; do not change the 'client_credentials' value.

Responses
  • 201: Successfully created the organization account (application/json)
  • 400: Bad request (application/json)
  • 401: Unauthorized (application/json)
  • 427: Too Many Requests (application/json)
  • 500: Internal server error (application/json)

Example request:

POST /oauth2/token/anonymous HTTP/1.1
Host: apis.objectsgrid.com
Authorization: Basic <base64(username:password)>
X-ObjectsGrid-AccessPoint: EU
Content-Type: application/json
Accept: */*
Content-Length: 35

{
  "grant_type": "client_credentials"
}

Example response:

{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}

Refresh Access Token using a Refresh Token

Authorization: required; the example request uses a Bearer JWT.

Header parameters
  • X-ObjectsGrid-AccessPoint (string, enum, required): EU or US, depending on where your Organization Account is located.

Body
  • refresh_token (string, required): The refresh token you previously obtained in a Create Access Token request.
  • grant_type (string, enum, required): OAuth2 required attribute; do not change the 'refresh_token' value.

Responses
  • 201: Successfully refreshed token (application/json)
  • 400: Bad request (application/json)
  • 401: Unauthorized (application/json)
  • 427: Too Many Requests (application/json)
  • 500: Internal server error (application/json)

Example request:

POST /oauth2/token/refresh HTTP/1.1
Host: apis.objectsgrid.com
Authorization: Bearer <JWT>
X-ObjectsGrid-AccessPoint: EU
Content-Type: application/json
Accept: */*
Content-Length: 53

{
  "refresh_token": "text",
  "grant_type": "refresh_token"
}

Example response:

{
  "access_token": "text",
  "token_type": "text",
  "expires_in": 1,
  "refresh_token": "text"
}
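
An added example (not ObjectsGrid's own client code) of the Service Account request followed by the refresh request documented above: a small token cache that sends the Basic credentials base64-encoded, reuses the access token until shortly before it expires, and stores the refresh token returned by each response. It assumes `expires_in` is in seconds and that the Bearer JWT on the refresh request is the current access token; the injected `send` transport and `FakeServer` are hypothetical and constructed so the code runs offline.

```python
import base64
import time

class TokenManager:
    """Caches a Service Account access token and renews it shortly before expiry."""

    def __init__(self, send, account_id, secret, access_point="EU", skew=30, clock=time.time):
        # send(path, headers, body) -> (status, json_dict) is injected (hypothetical
        # transport) so the example runs offline; in production it wraps an HTTPS client.
        self.send, self.clock, self.skew, self.ap = send, clock, skew, access_point
        # HTTP Basic carries base64("id:secret"), not the literal "id:secret" text.
        self.basic = base64.b64encode(f"{account_id}:{secret}".encode()).decode()
        self.access = self.refresh = None
        self.expires_at = 0.0

    def call(self, path, authorization, body):
        headers = {"Authorization": authorization, "X-ObjectsGrid-AccessPoint": self.ap,
                   "Content-Type": "application/json"}
        status, data = self.send(path, headers, body)
        if status != 201:  # the page lists 400, 401, 427 and 500 as failures
            raise RuntimeError(f"token endpoint returned {status}")
        self.access = data["access_token"]
        # Store the refresh token returned with this response for the next renewal.
        self.refresh = data.get("refresh_token", self.refresh)
        # Assumption: expires_in is a lifetime in seconds, as in standard OAuth2.
        self.expires_at = self.clock() + data["expires_in"] - self.skew
        return self.access

    def token(self):
        if self.access and self.clock() < self.expires_at:
            return self.access  # cached token still valid: no request sent
        if self.refresh:
            try:
                return self.call("/oauth2/token/refresh", f"Bearer {self.access}",
                                 {"refresh_token": self.refresh, "grant_type": "refresh_token"})
            except RuntimeError:
                self.refresh = None  # refresh rejected: fall back to the credentials
        return self.call("/oauth2/token/serviceaccount", f"Basic {self.basic}",
                         {"grant_type": "client_credentials"})

class FakeServer:
    """Constructed stand-in for the API: issues numbered tokens with a 60 s lifetime."""
    def __init__(self):
        self.calls = []
    def __call__(self, path, headers, body):
        self.calls.append((path, headers["Authorization"], body))
        n = len(self.calls)
        return 201, {"access_token": f"at{n}", "token_type": "Bearer",
                     "expires_in": 60, "refresh_token": f"rt{n}"}
```
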

Revoke a Refresh Token (Administrators only)

Authorization: required; the example request uses a Bearer JWT.

Header parameters
  • X-ObjectsGrid-AccessPoint (string, enum, required): EU or US, depending on where your Organization Account is located.

Body
  • token (string, required): The refresh token to revoke.
  • token_type_hint (string, enum, required): OAuth2 required attribute; do not change the 'refresh_token' value.

Responses
  • 200: Successfully revoked token or token already revoked. No response body returned.
  • 400: Bad request (application/json)
  • 401: Unauthorized (application/json)
  • 427: Too Many Requests (application/json)
  • 500: Internal server error (application/json)

Example request:

POST /oauth2/token/revoke HTTP/1.1
Host: apis.objectsgrid.com
Authorization: Bearer <JWT>
X-ObjectsGrid-AccessPoint: EU
Content-Type: application/json
Accept: */*
Content-Length: 50

{
  "token": "text",
  "token_type_hint": "refresh_token"
}

Example response: no content.