Authentication

Authorization Code Flow

The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. When calling this method the link to a login page location is returned. Web applications are higly advised to use the Proof Key for Code Exchange scheme (PKCE) for security concerns.

When the client exchanges authorization code to access or refresh tokens, then Authorization header is not required. When the client refreshes a token belonging to a session opened using the refresh_token grant type, then Authorization header is not required. In both cases the client should provide the client_id as a form data parameter to identify itself.

Authenticate with the System Administrator

POST /api/login/oauth/token

Authenticate the PBX system administrator with PortSIP PBX.

Headers

Body

Response

{
    "access_token": "NGFHYTBINGMTN2Y5NY0ZZJK2LWJJM2QTMMM0YTFIYJC0NDAZ",
    "expires_in": 1800,
    "refresh_token": "MTQ0NGE5M2UTMWE1MY01ZGJKLWIZY2QTMJJMZJU5MJVLNTDI",
    "token_type": "Bearer"
}

{
    "errors": [
        {
            "code": "UNAUTHORIZED",
            "message": "Login failed, authentication error"
        }
    ]
}

Authenticate with a Tenant User

POST /api/login/oauth/token

Authenticate the tenant user with the PortSIP PBX.

Headers

Body

Response

Refresh Access Token

POST /api/login/oauth/token

Refresh the access_token using the refresh_token.

Headers

Body

Response

Revoke Access Token

POST /api/login/oauth/revoke

Revoke the current access token.

Headers

Response