Authentication
Authorization Code Flow
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. When calling this method the link to a login page location is returned. Web applications are higly advised to use the Proof Key for Code Exchange scheme (PKCE) for security concerns.
When the client exchanges authorization code to access or refresh tokens, then Authorization
header is not required. When the client refreshes a token belonging to a session opened using the refresh_token
grant type, then Authorization
header is not required. In both cases the client should provide the client_id
as a form data parameter to identify itself.
Authenticate with the System Administrator
POST
/api/login/oauth/token
Authenticate the PBX system administrator with PortSIP PBX.
Headers
Content-Type
application/x-www-form-urlencoded
Body
grant_type
string
The value is always "password".
username
string
The user name of the System Administrator.
password
string
The password of the System Administrator.
scope
string
The value is always "all"
clicent_id
string
The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a".
Response
Authenticate with a Tenant User
POST
/api/login/oauth/token
Authenticate the tenant user with the PortSIP PBX.
Headers
Content-Type
application/x-www-form-urlencoded
Body
grant_type
string
The value is always "password".
username
string
The user name of the tenant.
domain
string
The SIP domain of tenant.
password
string
The password of the user.
scope
string
The value is always "all"
clicent_id
string
The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a".
Response
Refresh Access Token
POST
/api/login/oauth/token
Refresh the access_token
using the refresh_token
.
Headers
Content-Type
application/x-www-form-urlencoded
Body
grant_type
string
The value is always "refresh_token".
refresh_token
string
The refresh token is obtained from the response of the authentication.
clicent_id
string
The value is always "9d806019-75b2-4b3d-bb8b-f5a3a412cc0a".
Response
Revoke Access Token
POST
/api/login/oauth/revoke
Revoke the current access token.
Headers
Content-Type
application/json
Authorization
Bearer <token>
Response
Last updated