Access Token
Before executing a resource-based API call, you must first obtain an access token by making a specific request to the authorization server.
For the Resource Owner grant type, the authorization server for requesting access tokens is hosted at /token and can be called directly with the administrator credentials. For example:
POST https://server.domain.tld/Connect/token
For the Authorization Code grant type, you must first initiate a GET request to /authorize that contains your client ID. For example:
GET https://server.domain.tld/Connect/oauth/authorize?response_type=code&client_id=abc&state=xyz
You may preserve the state of your application in the state property of the request.
If an external identity provider is configured, you will be redirected to their login page.
Upon successful authentication, you will receive an authorization code to exchange for
an access token. If an external identity provider is not configured, you will be
redirected to SOTI Connect's login page.
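The state property can also tie the redirect back to the request that started it. The following is an added example, not SOTI's own code: it builds the authorize request shown above with a random value in state and checks the value when the authorization code comes back. It assumes the redirect carries the standard OAuth 2.0 code and state query parameters; the callback address and the "nonce.app_state" layout of the state value are choices made for this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint from the example request above; replace with your server's address.
AUTHORIZE_URL = "https://server.domain.tld/Connect/oauth/authorize"


def build_authorize_request(client_id, app_state=""):
    """Return (url, state). Keep `state` in the user's session until the callback."""
    nonce = secrets.token_urlsafe(32)  # unguessable; never contains "."
    # Layout "nonce.app_state" is this example's convention, not a SOTI format.
    state = f"{nonce}.{app_state}" if app_state else nonce
    query = urlencode({"response_type": "code", "client_id": client_id, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect; return (code, app_state) or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    states = params.get("state", [])
    codes = params.get("code", [])
    # Exactly one of each: a missing or repeated parameter is rejected outright.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("missing or duplicated code/state")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    _, _, app_state = states[0].partition(".")
    return codes[0], app_state
```

Only a code returned by handle_callback should be exchanged for an access token; a redirect whose state does not match the stored value is discarded.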
Note: Access tokens are time-limited, and the validity period is contained in the token response. When a token expires, you must make another token request.