Request Access Token

Initiate a POST request with an Authorization: header containing the API client ID and secret, and the body containing either SOTI Connect administrator credentials or an authorization code.

Construct the Authorization: header field as follows:
  • Combine the client ID and client secret into a string separated by a colon. For example: ClientID:ClientSecret. Note that these fields must not otherwise contain a colon.
  • Encode the resulting string using the RFC2045-MIME variant of Base64, except not limited to 76 characters/line.
  • Prefix Basic before the encoded string.

Depending on your grant type, ensure the body of the request contains the following parameters.

Grant Type Description
Resource Owner
  • grant_type: Set to password.
  • username: SOTI Connect administrator username (Administrator in the following example).
  • password: SOTI Connect administrator password (1 in the following example).
Example:
POST https://server.domain.tld/Connect/api/token HTTP/1.1 Host: server.domain.tld Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk Content-Type: application/x-www-form-urlencoded Content-Length: 53 grant_type=password&username=Administrator&password=1
Authorization Code grant_type is set to authorization_code&=[authorization code.
Example:
POST https://server.domain.tld/Connect/api/token HTTP/1.1 Host: server.domain.tld Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk Content-Type: application/x-www-form-urlencoded Content-Length: 53 grant_type=authorization_code&code=[authorization code]
In response, the output will contain the following properties:
  • access token: For use in every subsequent API request.
  • token type: The type of token, always set to bearer.
  • expires in: The token validity value in seconds. If the token is expired, the client must issue an additional token request to retrieve a new token value.
Response example:
{"access_token":"AAEAAK0OiDDPciqCR5sZ6Nu6c8wIvURVwCTxslETUGp xDfmf6uzkXAg9MKzfJqm4k9ADBYIaOsT20wllKWQgQvH5sYkaIWxtOZ9OntAkxwPn wBRO7rNqCGj9yfg-COpYCdr2GEMl5SzaAPx2_WBQ3SwhKuGWuuDxVMzRWdAW1r36J Y6N9Fp-rYK3CtoNs4ibqswOs7qSPzuwo_K9l9_c5oCz7d6qJxJdhKoh3MC8vqFXxJ SXIEAwXnL7KWtrhanIcj_m0abZWfvR7e5npIHDcHH-bfVmc6wp-SsKJ-FyG7_zg2F d8HjvoqivTqRO5i1RSpaPpOa318g2FMIw-Lh6I5K0FAOUAQAAAAEAABW2-Dr_0-vr bZGMubz8ZGqpo6Z67n3JqBIFPgMOPotNHVJSUc_2HbozYt7smfuCIeIvE0gd84ti3 LBJXSkiOBPJmxp-WhdC1IbB7y2W5G8D4l5MD3VbDTz6ov_VnZGpRc-h7Q9Knn1Vyk QTHo4NknDUdVkqDe3VHQsjtn12QINEzb04Ch-RpudIHnKG-P-jhIIszo2M0_Po8_U aHVwrpPtwhUCzqOU_Gus1nS694dP-8rXqjtbLxh_5GB1iQQBitMd-VgD8XzQrLqqH a6HcK1C41ZyA1Ot2_47vOKNrf_Mg6Ig8quYMpUypOdwFl9_Nb815TN-eSuDwQsSKn SnHDvTH8bSz9O0vHoiPexh2Weuf2N0KGZUlpC0OLy3oRb0d_aBOUdpnoIJ59Gc95H 7yTAnNPRuBnX0wDnvTFNkuN7ezKzfP2rNmfKPeoj0Xyf2FhGiSHgBJUuNpWwGJkz5 0tVX5nPl42Ow2ua9pLZqPg-GJQnmXwukVgV6w4dDoRsFVYbrRSdp-quU4pyNfj987 GWM","token_type":"bearer","expires_in":3600}