Authentication
Authorization Code Flow
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. When calling this method the link to a login page location is returned. Web applications are higly advised to use the Proof Key for Code Exchange scheme (PKCE) for security concerns.
When the client exchanges authorization code to access or refresh tokens, then Authorization
header is not required. When the client refreshes a token belonging to a session opened using the refresh_token
grant type, then Authorization
header is not required. In both cases the client should provide the client_id
as a form data parameter to identify itself.
Authenticate with the System Administrator
POST
/api/login/oauth/token
Authenticate the PBX system administrator with PortSIP PBX.
Headers
Body
Response
Authenticate with a Tenant User
POST
/api/login/oauth/token
Authenticate the tenant user with the PortSIP PBX.
Headers
Body
Response
Refresh Access Token
POST
/api/login/oauth/token
Refresh the access_token
using the refresh_token
.
Headers
Body
Response
Revoke Access Token
POST
/api/login/oauth/revoke
Revoke the current access token.
Headers
Response
Last updated