Request Access Token

Initiate a POST request with an Authorization: header containing the API client ID and secret, and the body containing either SOTI Connect administrator credentials or an authorization code.

Construct the Authorization: header field as follows:

Combine the client ID and client secret into a string separated by a colon. For example: ClientID:ClientSecret. Note that these fields must not otherwise contain a colon.
Encode the resulting string using the RFC2045-MIME variant of Base64, except not limited to 76 characters/line.
Prefix Basic before the encoded string.

Depending on your grant type, ensure the body of the request contains the following parameters.

Grant Type Description

Grant Type	Description
Resource Owner	grant_type: Set to password. username: SOTI Connect administrator username (`Administrator` in the following example). password: SOTI Connect administrator password (`1` in the following example). Example: `POST https://server.domain.tld/Connect/api/token HTTP/1.1 Host: server.domain.tld Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk Content-Type: application/x-www-form-urlencoded Content-Length: 53 grant_type=password&username=Administrator&password=1`
Authorization Code	grant_type is set to `authorization_code&=[authorization code`. Example: `POST https://server.domain.tld/Connect/api/token HTTP/1.1 Host: server.domain.tld Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk Content-Type: application/x-www-form-urlencoded Content-Length: 53 grant_type=authorization_code&code=[authorization code]`

Resource Owner

grant_type: Set to password.
username: SOTI Connect administrator username (Administrator in the following example).
password: SOTI Connect administrator password (1 in the following example).

Example:

POST https://server.domain.tld/Connect/api/token HTTP/1.1 Host: server.domain.tld Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk Content-Type: application/x-www-form-urlencoded Content-Length: 53 grant_type=password&username=Administrator&password=1

Authorization Code

grant_type is set to

authorization_code&=[authorization
                                    code

Example:

POST https://server.domain.tld/Connect/api/token HTTP/1.1 Host: server.domain.tld Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk Content-Type: application/x-www-form-urlencoded Content-Length: 53 grant_type=authorization_code&code=[authorization code]

In response, the output will contain the following properties:

access token: For use in every subsequent API request.
token type: The type of token, always set to bearer.
expires in: The token validity value in seconds. If the token is expired, the client must issue an additional token request to retrieve a new token value.

Response example:

{"access_token":"AAEAAK0OiDDPciqCR5sZ6Nu6c8wIvURVwCTxslETUGp xDfmf6uzkXAg9MKzfJqm4k9ADBYIaOsT20wllKWQgQvH5sYkaIWxtOZ9OntAkxwPn wBRO7rNqCGj9yfg-COpYCdr2GEMl5SzaAPx2_WBQ3SwhKuGWuuDxVMzRWdAW1r36J Y6N9Fp-rYK3CtoNs4ibqswOs7qSPzuwo_K9l9_c5oCz7d6qJxJdhKoh3MC8vqFXxJ SXIEAwXnL7KWtrhanIcj_m0abZWfvR7e5npIHDcHH-bfVmc6wp-SsKJ-FyG7_zg2F d8HjvoqivTqRO5i1RSpaPpOa318g2FMIw-Lh6I5K0FAOUAQAAAAEAABW2-Dr_0-vr bZGMubz8ZGqpo6Z67n3JqBIFPgMOPotNHVJSUc_2HbozYt7smfuCIeIvE0gd84ti3 LBJXSkiOBPJmxp-WhdC1IbB7y2W5G8D4l5MD3VbDTz6ov_VnZGpRc-h7Q9Knn1Vyk QTHo4NknDUdVkqDe3VHQsjtn12QINEzb04Ch-RpudIHnKG-P-jhIIszo2M0_Po8_U aHVwrpPtwhUCzqOU_Gus1nS694dP-8rXqjtbLxh_5GB1iQQBitMd-VgD8XzQrLqqH a6HcK1C41ZyA1Ot2_47vOKNrf_Mg6Ig8quYMpUypOdwFl9_Nb815TN-eSuDwQsSKn SnHDvTH8bSz9O0vHoiPexh2Weuf2N0KGZUlpC0OLy3oRb0d_aBOUdpnoIJ59Gc95H 7yTAnNPRuBnX0wDnvTFNkuN7ezKzfP2rNmfKPeoj0Xyf2FhGiSHgBJUuNpWwGJkz5 0tVX5nPl42Ow2ua9pLZqPg-GJQnmXwukVgV6w4dDoRsFVYbrRSdp-quU4pyNfj987 GWM","token_type":"bearer","expires_in":3600}