POST authorisation/token-2fa

Request an access token using the password credential grant process. Visit the documentation area on authentication for detailed explanation. Requires that the grant request be performed using a POST request. This is the preferred method. If user has Two-Factor Authentication (2FA) enabled, the API will SMS the one-time password (OTP) / 2FA code to user's registered mobile number and return a 401 "2fa_code_required" error. Repost the request with the 2FA code to get the access token.

Request Information

URI Parameters

Name Description Type Additional information

Body Parameters

OAuthPasswordCredentialsGrantRequest
Name Description Type Additional information
grant_type The OAuth grant type. For password credential grant, this must be 'password'. string

None.

username The username. For example, someone@emailhost.com string

None.

password The password of the user. string

None.

scope The scope requested. For example, 'full'. string

None.

verification_code The 2FA code / one-time password (OTP) that needs to be supplied if 2FA is enabled for user account. This code is sent to user's registered mobile number when you initiate login. string

None.

Request Formats

application/json, text/json

Sample:
{
  "grant_type": "password",
  "username": "test@host.com",
  "password": "StrongPassword",
  "scope": "full",
  "verification_code": null
}

application/xml, text/xml

Sample:
<OAuthPasswordCredentialsGrantRequest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <grant_type>password</grant_type>
  <username>test@host.com</username>
  <password>StrongPassword</password>
  <scope>full</scope>
</OAuthPasswordCredentialsGrantRequest>

Response Information

Resource Description

A token structure that contains the access token to use on subsequent requests, a refresh token to use to return a new access token when the existing one expires, the number of seconds before the token expires (via expires_in field), the scope which contains a space delimited list of file ids that this token has access to, and finally a token type which (in this case) is always "Bearer". For more information on how this data is used, please see this link /Help/Authentication.

Name Description Type Additional information