Authentication
Last updated
Last updated
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. When calling this method the link to a login page location is returned. Web applications are higly advised to use the Proof Key for Code Exchange scheme (PKCE) for security concerns.
When the client exchanges authorization code to access or refresh tokens, then Authorization header is not required. When the client refreshes a token belonging to a session opened using the refresh_token grant type, then Authorization header is not required. In both cases the client should provide the client_id as a form data parameter to identify itself.
POST /api/login/oauth/token
Authenticate the PBX system administrator with PortSIP PBX.
Headers
| Name | Value |
|---|---|
Body
| Name | Type | Description |
|---|---|---|
Response
POST /api/login/oauth/token
Authenticate the tenant user with the PortSIP PBX.
Headers
Body
Response
POST /api/login/oauth/token
Refresh the access_token using the refresh_token.
Headers
Body
Response
POST /api/login/oauth/revoke
Revoke the current access token.
Headers
Response
| Name | Value |
|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Value |
|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Value |
|---|---|
Content-Type
application/x-www-form-urlencoded
grant_type
string
The value is always "password".
username
string
The user name of the System Administrator.
password
string
The password of the System Administrator.
scope
string
The value is always "all"
clicent_id
string
The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a".
Content-Type
application/x-www-form-urlencoded
grant_type
string
The value is always "password".
username
string
The user name of the tenant.
domain
string
The SIP domain of tenant.
password
string
The password of the user.
scope
string
The value is always "all"
clicent_id
string
The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a".
Content-Type
application/x-www-form-urlencoded
grant_type
string
The value is always "refresh_token".
refresh_token
string
The refresh token is obtained from the response of the authentication.
clicent_id
string
The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a".
Content-Type
application/json
Authorization
Bearer <token>