Help Page Home - OAuth
POST authorisation/token-2fa
Request an access token using the password credential grant process. Visit the documentation area on authentication for detailed explanation. Requires that the grant request be performed using a POST request. This is the preferred method. If user has Two-Factor Authentication (2FA) enabled, the API will SMS the one-time password (OTP) / 2FA code to user's registered mobile number and return a 401 "2fa_code_required" error. Repost the request with the 2FA code to get the access token.
Request Information
URI Parameters
| Name | Description | Type | Additional information |
|---|
Body Parameters
OAuthPasswordCredentialsGrantRequest| Name | Description | Type | Additional information |
|---|---|---|---|
| grant_type | The OAuth grant type. For password credential grant, this must be 'password'. | string |
None. |
| username | The username. For example, someone@emailhost.com | string |
None. |
| password | The password of the user. | string |
None. |
| scope | The scope requested. For example, 'full'. | string |
None. |
| verification_code | The 2FA code / one-time password (OTP) that needs to be supplied if 2FA is enabled for user account. This code is sent to user's registered mobile number when you initiate login. | string |
None. |
Request Formats
application/json, text/json
{
"grant_type": "password",
"username": "test@host.com",
"password": "StrongPassword",
"scope": "full",
"verification_code": null
}
application/xml, text/xml
<OAuthPasswordCredentialsGrantRequest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <grant_type>password</grant_type> <username>test@host.com</username> <password>StrongPassword</password> <scope>full</scope> </OAuthPasswordCredentialsGrantRequest>
Response Information
Resource Description
A token structure that contains the access token to use on subsequent requests, a refresh token to use to return a new access token when the existing one expires, the number of seconds before the token expires (via expires_in field), the scope which contains a space delimited list of file ids that this token has access to, and finally a token type which (in this case) is always "Bearer". For more information on how this data is used, please see this link /Help/Authentication.
| Name | Description | Type | Additional information |
|---|