Token Authentication (OAuth)

Token authentication can be used to obtain a token that can be used in requests to the Nexudus REST API without having to use admin credentials.

The general process to use token authentication is as follows:

  1. Get a short-lived authentication access token and a long-lived refresh token.

  2. Refresh the access token as needed by using a refresh token.

  3. Use the "Bearer" HTTP header to make requests to the REST API or the Public API. 

Access tokens are generally short-lived and you should not assume they last for more than a few minutes or hours. 

You should always keep your refresh tokens secure; treat them as passwords.

Authentication and Refresh Token

Gets a short-lived access token and a long-lived refresh token.

POST https://spaces.nexudus.com/api/token
grant_type=password&username=EMAIL_ADDRESS&password=PASSWORD
Headers

client_id string optional
A unique identifier for the client making these requests. A single refresh token will be created per client; existing tokens for a given client_id are invalidated when a new token is requested for that client_id. If no client_id header is passed, the client id is set to your email. You can generate the client_id value yourself. We recommend that it be a globally unique identifier. You can generate these from https://www.guidgenerator.com. Make sure to use the same client_id for all requests made by the same app.

Do not send a JSON body as part of this request. The grant_type and username parameters must be passed in as raw text in the body of the request.

Example valid response (200 OK)


{
  "access_token": "v8hNJebN2....",
  "token_type": "bearer",
  "expires_in": 604799,
  "refresh_token": "2669808..."
}

 

Example invalid response (400 Bad Request)


{
  "error": "invalid_grant",
  "error_description": "The user name or password is incorrect."
}

 

Refresh Access Token

Gets a new short-lived access token based on a refresh token. Refreshing a token for a client ID will invalidate all previous refresh tokens for that client ID, but not existing access tokens that have not yet expired. Refresh tokens are valid for 15 days. If your refresh token has expired, you will need to use a username and password to create a new access token.

POST https://spaces.nexudus.com/api/token
grant_type=refresh_token&refresh_token=2669808...
Headers

client_id string required
The client id to refresh the access token for. This must be the same as the client id you passed in when creating the access token. If you did not pass a client_id header to get the initial token, you must pass the email used to obtain the initial token as the client_id header to refresh it.

Do not send a JSON body as part of this request. The grant_type and username parameters must be passed in as raw text in the body of the request.

Example valid response (200 OK)


{
    "access_token": "5o8X7pSy....",
    "token_type": "bearer",
    "expires_in": 604799,
    "refresh_token": "c3c14715..."
}

 

Example invalid response (400 Bad Request)


{ 
  "error": "invalid_grant",
  "error_description": "The user name or password is incorrect."
}
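
The three steps above combined into one client-side helper, added here as an example (it is not Nexudus code). The TokenSession class, the injectable post and clock parameters, the 60-second skew and the "Authorization: Bearer" header form are assumptions of this example; the endpoint, grant types and client_id header are the ones documented on this page.

```python
import json, time
import urllib.error, urllib.parse, urllib.request

TOKEN_URL = "https://spaces.nexudus.com/api/token"  # endpoint given on this page

def http_post(url, body, headers):
    """Default transport: raw form-encoded body, never JSON."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # 400 responses carry a JSON error body
        return json.load(err)

class TokenSession:
    """Hypothetical helper: holds the token pair in memory for one client_id."""
    def __init__(self, client_id, post=http_post, clock=time.monotonic, skew=60):
        self.client_id, self._post, self._clock, self._skew = client_id, post, clock, skew
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _grant(self, **form):
        # urlencode percent-escapes '&' and '=' so a password cannot alter the body.
        data = self._post(TOKEN_URL, urllib.parse.urlencode(form), {"client_id": self.client_id})
        if "error" in data:
            raise PermissionError(data["error"])  # error code only, no credentials
        self._access = data["access_token"]
        # Each grant invalidates earlier refresh tokens for this client_id: keep the new one.
        self._refresh = data["refresh_token"]
        # Trust expires_in from the response, minus a safety margin (skew is an assumption).
        self._expires_at = self._clock() + data["expires_in"] - self._skew

    def login(self, username, password):
        self._grant(grant_type="password", username=username, password=password)

    def auth_header(self):
        if self._refresh is None:
            raise RuntimeError("call login() first")
        if self._clock() >= self._expires_at:
            self._grant(grant_type="refresh_token", refresh_token=self._refresh)
        # Standard OAuth 2.0 bearer form (assumed; the page only names the "Bearer" header).
        return {"Authorization": "Bearer " + self._access}
```

The password is used once in login() and never stored; only the refresh token is retained, so it is the value to protect at rest.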

 
