POST authorisation/token-2fa

Request an access token using the password credential grant process. Visit the documentation area on authentication for detailed explanation. Requires that the grant request be performed using a POST request. This is the preferred method. If user has Two-Factor Authentication (2FA) enabled, the API will SMS the one-time password (OTP) / 2FA code to user's registered mobile number and return a 401 "2fa_code_required" error. Repost the request with the 2FA code to get the access token.

Request Information

URI Parameters

Name Description Type Additional information

Body Parameters

Name Description Type Additional information
grant_type The OAuth grant type. For password credential grant, this must be 'password'. string


username The username. For example, string


password The password of the user. string


scope The scope requested. For example, 'full'. string


verification_code The 2FA code / one-time password (OTP) that needs to be supplied if 2FA is enabled for user account. This code is sent to user's registered mobile number when you initiate login. string


Request Formats

application/json, text/json

  "grant_type": "password",
  "username": "",
  "password": "StrongPassword",
  "scope": "full",
  "verification_code": null

application/xml, text/xml

<OAuthPasswordCredentialsGrantRequest xmlns:xsd="" xmlns:xsi="">

Response Information

Resource Description

A token structure that contains the access token to use on subsequent requests, a refresh token to use to return a new access token when the existing one expires, the number of seconds before the token expires (via expires_in field), the scope which contains a space delimited list of file ids that this token has access to, and finally a token type which (in this case) is always "Bearer". For more information on how this data is used, please see this link /Help/Authentication.

Name Description Type Additional information