Authentication
Authorization Code Flow
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. When calling this method the link to a login page location is returned. Web applications are higly advised to use the Proof Key for Code Exchange scheme (PKCE) for security concerns.
When the client exchanges authorization code to access or refresh tokens, then Authorization
header is not required. When the client refreshes a token belonging to a session opened using the refresh_token
grant type, then Authorization
header is not required. In both cases the client should provide the client_id
as a form data parameter to identify itself.
Authenticate with the System Administrator
POST
/api/login/oauth/token
Authenticate the PBX system administrator with PortSIP PBX.
Headers
Name | Value |
---|---|
Content-Type |
|
Body
Name | Type | Description |
---|---|---|
grant_type | string | The value is always "password". |
username | string | The user name of the System Administrator. |
password | string | The password of the System Administrator. |
scope | string | The value is always "all" |
clicent_id | string | The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a". |
Response
Authenticate with a Tenant User
POST
/api/login/oauth/token
Authenticate the tenant user with the PortSIP PBX.
Headers
Name | Value |
---|---|
Content-Type |
|
Body
Name | Type | Description |
---|---|---|
grant_type | string | The value is always "password". |
username | string | The user name of the tenant. |
domain | string | The SIP domain of tenant. |
password | string | The password of the user. |
scope | string | The value is always "all" |
clicent_id | string | The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a". |
Response
Refresh Access Token
POST
/api/login/oauth/token
Refresh the access_token
using the refresh_token
.
Headers
Name | Value |
---|---|
Content-Type |
|
Body
Name | Type | Description |
---|---|---|
grant_type | string | The value is always "refresh_token". |
refresh_token | string | The refresh token is obtained from the response of the authentication. |
clicent_id | string | The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a". |
Response
Revoke Access Token
POST
/api/login/oauth/revoke
Revoke the current access token.
Headers
Name | Value |
---|---|
Content-Type |
|
Authorization |
|
Response
Last updated