Get Access Token
    • 27 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF

    Get Access Token

    • Dark
      Light
    • PDF

    Article summary

    The REST APIs in C3 are secured by OAuth2.0 based authentication against Azure Active Directory. The APIs expect a valid access token sent as “bearer” token in the request header for the key named Authorization.

    Access token can be obtained non-interactively / silently (best suited for apps that run as background jobs or client applications that don’t require user intervention) by calling the Microsoft API with the below detail:

    URL

    POST https://login.microsoftonline.com/{{tenantID}}/oauth2/token

    {{tenantID}} should be replaced with 08e91d7e-4f3f-49a0-8973-8b2547341ec7

    Request headers

    Key

    Value

    Content-Type

    application/x-www-form-urlencoded

    Request body

    Key

    Value

    grant_type

    client_credentials

    client_id

    <to-be-provided-offline>

    client_secret

    <to-be-provided-offline>

    scope

    <to-be-provided-offline>

    resource

    <to-be-provided-offline>

    Response body

    The sample response for the request to the API to get access token looks like below:

    {
    
        "token_type": "Bearer",
    
        "expires_in": "3599",
    
        "ext_expires_in": "3599",
    
        "expires_on": "1587227232",
    
        "not_before": "1587223332",
    
        "resource": "001dfc3c-1cbf-406e-b592-de9f67f5ab62",
    
        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IllNRUxIVDBndmIwbXhvU0RvWWZvbWpxZmpZVSIsImtpZCI6IllNRUxIVDBndmIwbXhvU0RvWWZvbWpxZmpZVSJ9.eyJhdWQiOiI1MDg3NTRiNi0xYmY0LTQ1NzgtYjc0Zi01NWE5YWE3ODVhN2IiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wOGU5MWQ3ZS00ZjNmLTQ5YTAtODk3My04YjI1NDczNDFlYzcvIiwiaWF0IjoxNTg3MjIzMzMyLCJuYmYiOjE1ODcyMjMzMzIsImV4cCI6MTU4NzIyNzIzMiwiYWlvIjoiNDJkZ1lBZ0krMlh4TVhCZXpPTHpqcXZmZmZHK0R3QT0iLCJhcHBpZCI6Ijk4MTVmNjFhLWJkNjgtNDBiYi1hYzYwLTU3Y2IwYzk1ODg1NCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4ZTkxZDdlLTRmM2YtNDlhMC04OTczLThiMjU0NzM0MWVjNy8iLCJ0aWQiOiIwOGU5MWQ3ZS00ZjNmLTQ5YTAtODk3My04YjI1NDczNDFlYzciLCJ1dGkiOiJMVmIzV3dVNGgwZWkxUkJ4U1Q1WUFBIiwidmVyIjoiMS4wIn0.OGpXRfV_9g9IBVDLYCpzDYVnKOexdPdB72yZE8gd30xwpjqjJjEa1r0SKAmbxX3xpWZ4RxZVYW2KvXne0iA_F3wK7KLfxuRmh3-YYk5bo_8FPbLWFxcPGwZt1vLib-0DWuyfUu_90IZ_fzlxSBuuh4B-U0hEzZ-m2vqKBtpeehLT2-_LjkEdraB9rsDJi2eQCF6EbasFpEgMqiq61ysT1hiE_E2Pq5WJqAEKkphHdOwdWZxyBeM6mc_JTpg7hEGiCtQ5W5KooWCjFiBwx2meUJBXxcfnP5JTIo10sTkiTmBmRGz9sKwUjJrf75REzBWUxPJGZQ8bSJNkpLRZzJ8Rdw"
    
    }

    The value for the property named access_token should be saved as it will be used in the requests to the C3 REST APIs.


    Was this article helpful?