Access Tokens
All PPW Service endpoints authorize clients through an access token. The client app can receive an access token by using its client credentials.
/auth/token
Client app must use this endpoint to receive an access token.
Request
| Field | Description | Required |
|---|---|---|
grant_type | Client apps must set this to client_credentials | Yes |
client_id | Client app’s client ID | Yes |
client_secret | Client app’s secret | Yes |
scope | Space separated list of scopes | Yes |
As noted in the overview, the body of the request must be a JSON object.
Example:
{
"grant_type": "client_credentials",
"client_id": "ORG_ID-HEX-app-name",
"client_secret": "715713424bf66aea949452...",
"scope": "property-rw workorder-r"
}
curl -H 'Content-Type: application/json' \
-d '{"grant_type": "client_credentials", "client_id": "ORG_ID-HEX-app-name", "client_secret": "715713424bf66aea949452...", "scope": "property-rw workorder-r"}' \
https://ppw.web/svc/auth/token
Response
Example successful response:
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni..."
}
The client app can now use the access_token to access PPW API
Services.
The expires_in field specifies the number of seconds after which the
access token will expire.
The access token must be treated as an opaque string; it should have
no meaning to the client app other than using it in the
Authorization header in requests to the PPW API Services.
Errors
If the client credentials provided by the client app is invalid, the
endpoint returns a 401 error with a JSON object in this format:
{
"error": "ERROR_TYPE",
"error_description": "Description of the error",
"message": "Same as the error_description in most cases"
}