
Get or Refresh Token

POST /auth/v1/token

1. Refresh Token Mechanism

API Description

Obtain a new access_token by presenting a valid refresh_token. The original refresh_token becomes invalid immediately (conforms to RFC 6749 Section 6).

Request Example:

  {
    "client_id": "mock_AAU5Pw78ioGQnUP4",
    "grant_type": "refresh_token",
    "refresh_token": "mock_m.yPxK8mLnVrQwEoDzFcHbNtGsYvXpRjWq-3eSd2fA1gU5iI9kO0lP7uJ4mT6nB8yC_1xZ2vD3aQ4wF5eR6tG7hY8jM9kL0oN1iP2uK3lQ4mW5nX6bV7cC8dA9fS0gH1jJ2kL3mN4o"
  }
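
Because the original refresh_token becomes invalid as soon as it is used, a client that refreshes from two threads at once, or that fails to store the replacement, loses its session. The following is an added example, not code from this API's documentation or SDK: a client-side cache that serializes refreshes, run against a constructed in-memory stand-in for the endpoint. `TokenManager`, `FakeTokenEndpoint`, `post_token`, `run_demo`, the `mock_rt_*`/`mock_at_*` values, the 7200-second `expires_in` and the assumption that the refresh response carries a new refresh_token are all hypothetical.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class FakeTokenEndpoint:
    """Constructed stand-in for POST /auth/v1/token: each refresh_token works once."""
    def __init__(self, first_refresh_token):
        self.valid, self.calls = first_refresh_token, 0
        self._lock = threading.Lock()

    def __call__(self, body):
        with self._lock:
            if body["grant_type"] != "refresh_token" or body["refresh_token"] != self.valid:
                raise PermissionError("refresh_token already used or unknown")
            self.calls += 1
            self.valid = f"mock_rt_{self.calls}"  # rotation: the old token dies here
            return {"token_type": "Bearer", "access_token": f"mock_at_{self.calls}",
                    "refresh_token": self.valid, "expires_in": 7200}  # constructed values

class TokenManager:
    """Caches the access_token; post_token(body) -> dict is a hypothetical transport."""
    def __init__(self, client_id, refresh_token, post_token, skew=30):
        self._client_id, self._refresh_token = client_id, refresh_token
        self._post, self._skew = post_token, skew
        self._access_token, self._expires_at = None, 0.0
        self._lock = threading.Lock()

    def access_token(self):
        # Check and refresh under one lock, so concurrent callers never
        # present the same single-use refresh_token twice.
        with self._lock:
            if self._access_token is None or time.monotonic() >= self._expires_at - self._skew:
                resp = self._post({"client_id": self._client_id,
                                   "grant_type": "refresh_token",
                                   "refresh_token": self._refresh_token})
                # Store the replacement first: the token just sent is now invalid.
                self._refresh_token = resp["refresh_token"]
                self._access_token = resp["access_token"]
                self._expires_at = time.monotonic() + resp["expires_in"]
            return self._access_token

def run_demo(workers=8):
    """Calls access_token() from several threads; returns (distinct tokens, server calls)."""
    server = FakeTokenEndpoint("mock_rt_0")
    manager = TokenManager("mock_AAU5Pw78ioGQnUP4", "mock_rt_0", server)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        seen = set(pool.map(lambda _: manager.access_token(), range(workers)))
    return seen, server.calls
```

In a real client `post_token` would send the JSON body to `/auth/v1/token`, and the rotated refresh_token would be written to durable storage before the access_token is handed out.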

2. Password Mode Authentication

API Description

Obtain access_token based on Resource Owner Password Credentials Grant (RFC 6749 Section 4.3)

Request Example:

  {
    "client_id": "mock_AAU5Pw78ioGQnUP4",
    "grant_type": "password",
    "username": "mock_user001",
    "password": "mock_password@123"
  }

3. Client Credential Mode

API Description

Obtain server-side access_token using Client Credentials Grant (RFC 6749 Section 4.4)

Authentication Method

  Add to request header:

  Authorization: Basic ${base64(SecretId:SecretKey)}

Request Example:

  {
    "client_id": "mock_AAU5Pw78ioGQnUP4",
    "grant_type": "client_credentials"
  }

Key Features:

  • Does not return refresh_token
  • Automatically grants super administrator privileges

Security Specifications:

  • SecretKey must be kept in secure storage
  • The caller must run in a trusted server environment

Request

Query Parameters

    client_id string

    Client ID corresponding to the application, defaults to environment ID, can be omitted

Header Parameters

    x-device-id string

    Device ID, the ID of the current logged-in device. The client should generate it randomly and cache it on the client. This parameter is related to the number of logged-in accounts.

Body

    grant_type Grant type for obtaining token (string, nullable)
    code Used when grant_type is authorization_code (string)
    refresh_token Used when refreshing token via refresh_token (string)
    username Used when grant_type is password (string)
    password Used when grant_type is password (string)
    scope scope, optional (string)
    nonce Nonce string, optional (string)
    code_verifier PKCE: code_verifier (string)
    device_code Device Code Flow https://tools.ietf.org/html/rfc8628 (string)

Responses

A successful response.

Response Headers
    Schema
      token_type Access token type (string)

      Uniformly return Bearer

      access_token User's access token (string)

      Token used to access Cloud Development HTTP API, length within 4096 bits

      refresh_token User's refresh token (string)

      When the access_token expires, the refresh_token can be used to obtain a new access_token. Expiration time defaults to 31 days. Length within 128 bits

      expires_in int32

      Expiration time of access_token, in seconds

      scope Authorization scope (string)
      sub User's unique ID (string)
      groups string[]