- 27 Oct 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Get Access Token
- Updated on 27 Oct 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
The REST APIs in C3 are secured by OAuth2.0 based authentication against Azure Active Directory. The APIs expect a valid access token sent as “bearer” token in the request header for the key named Authorization.
Access token can be obtained non-interactively / silently (best suited for apps that run as background jobs or client applications that don’t require user intervention) by calling the Microsoft API with the below detail:
URL
POST https://login.microsoftonline.com/{{tenantID}}/oauth2/token
{{tenantID}} should be replaced with 08e91d7e-4f3f-49a0-8973-8b2547341ec7
Request headers
Key | Value |
Content-Type | application/x-www-form-urlencoded |
Request body
Key | Value |
grant_type | client_credentials |
client_id | <to-be-provided-offline> |
client_secret | <to-be-provided-offline> |
scope | <to-be-provided-offline> |
resource | <to-be-provided-offline> |
Response body
The sample response for the request to the API to get access token looks like below:
{
"token_type": "Bearer",
"expires_in": "3599",
"ext_expires_in": "3599",
"expires_on": "1587227232",
"not_before": "1587223332",
"resource": "001dfc3c-1cbf-406e-b592-de9f67f5ab62",
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IllNRUxIVDBndmIwbXhvU0RvWWZvbWpxZmpZVSIsImtpZCI6IllNRUxIVDBndmIwbXhvU0RvWWZvbWpxZmpZVSJ9.eyJhdWQiOiI1MDg3NTRiNi0xYmY0LTQ1NzgtYjc0Zi01NWE5YWE3ODVhN2IiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wOGU5MWQ3ZS00ZjNmLTQ5YTAtODk3My04YjI1NDczNDFlYzcvIiwiaWF0IjoxNTg3MjIzMzMyLCJuYmYiOjE1ODcyMjMzMzIsImV4cCI6MTU4NzIyNzIzMiwiYWlvIjoiNDJkZ1lBZ0krMlh4TVhCZXpPTHpqcXZmZmZHK0R3QT0iLCJhcHBpZCI6Ijk4MTVmNjFhLWJkNjgtNDBiYi1hYzYwLTU3Y2IwYzk1ODg1NCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4ZTkxZDdlLTRmM2YtNDlhMC04OTczLThiMjU0NzM0MWVjNy8iLCJ0aWQiOiIwOGU5MWQ3ZS00ZjNmLTQ5YTAtODk3My04YjI1NDczNDFlYzciLCJ1dGkiOiJMVmIzV3dVNGgwZWkxUkJ4U1Q1WUFBIiwidmVyIjoiMS4wIn0.OGpXRfV_9g9IBVDLYCpzDYVnKOexdPdB72yZE8gd30xwpjqjJjEa1r0SKAmbxX3xpWZ4RxZVYW2KvXne0iA_F3wK7KLfxuRmh3-YYk5bo_8FPbLWFxcPGwZt1vLib-0DWuyfUu_90IZ_fzlxSBuuh4B-U0hEzZ-m2vqKBtpeehLT2-_LjkEdraB9rsDJi2eQCF6EbasFpEgMqiq61ysT1hiE_E2Pq5WJqAEKkphHdOwdWZxyBeM6mc_JTpg7hEGiCtQ5W5KooWCjFiBwx2meUJBXxcfnP5JTIo10sTkiTmBmRGz9sKwUjJrf75REzBWUxPJGZQ8bSJNkpLRZzJ8Rdw"
}
The value for the property named access_token should be saved as it will be used in the requests to the C3 REST APIs.