Authentication

API Endpoint
auth

CMS Authentication API endpoints.

OAuth2

OAuth2 token authorization and revocation.

Issue Tokens

POST auth/issue
Requests: Password Grant, Refresh Token Grant
Headers
Content-Type: application/json
Body
{
  "client_id": "4c0d94df2cf1f1aa8ae0c782ba9109e1",
  "client_secret": "0f06173fbd6b85103037001aa9350f2d",
  "grant_type": "password",
  "username": "some@user.com",
  "password": "sl5Yodlk"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "client_id": {
      "type": "string"
    },
    "client_secret": {
      "type": "string"
    },
    "grant_type": {
      "type": "string"
    },
    "username": {
      "type": "string",
      "description": "Required when using `password` grant type"
    },
    "password": {
      "type": "string",
      "description": "Required when using `password` grant type"
    }
  },
  "required": [
    "client_id",
    "client_secret",
    "grant_type",
    "username",
    "password"
  ]
}
Responses: 200, 401, 401, 401, 422
Headers
Content-Type: application/json
Body
{
  "access_token": "P731h8bKkq3uf100yviL9U7Lmhh31D3zJvkzIdyI",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "2QqPvkpSOAMBDheGvf4Rva42AgCv38WEHc9aoWbc"
}
Headers
Content-Type: application/json
Body
{
  "message": "Client authentication failed."
}
Headers
Content-Type: application/json
Body
{
  "message": "The user credentials were incorrect."
}
Headers
Content-Type: application/json
Body
{
  "message": "The refresh token is invalid."
}
Headers
Content-Type: application/json
Body
{
  "message": "Unprocessable Entity",
  "data": {
    "grant_type": [
      "validation.in"
    ]
  }
}
Request: Refresh Token Grant
Headers
Content-Type: application/json
Body
{
  "client_id": "4c0d94df2cf1f1aa8ae0c782ba9109e1",
  "client_secret": "0f06173fbd6b85103037001aa9350f2d",
  "grant_type": "refresh_token",
  "refresh_token": "2QqPvkpSOAMBDheGvf4Rva42AgCv38WEHc9aoWbc"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "client_id": {
      "type": "string"
    },
    "client_secret": {
      "type": "string"
    },
    "grant_type": {
      "type": "string"
    },
    "refresh_token": {
      "type": "string",
      "description": "Required when using `refresh_token` grant type"
    }
  },
  "required": [
    "client_id",
    "client_secret",
    "grant_type",
    "refresh_token"
  ]
}
Responses: 200, 401, 401, 401, 422
Headers
Content-Type: application/json
Body
{
  "access_token": "P731h8bKkq3uf100yviL9U7Lmhh31D3zJvkzIdyI",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "2QqPvkpSOAMBDheGvf4Rva42AgCv38WEHc9aoWbc"
}
Headers
Content-Type: application/json
Body
{
  "message": "Client authentication failed."
}
Headers
Content-Type: application/json
Body
{
  "message": "The user credentials were incorrect."
}
Headers
Content-Type: application/json
Body
{
  "message": "The refresh token is invalid."
}
Headers
Content-Type: application/json
Body
{
  "message": "Unprocessable Entity",
  "data": {
    "grant_type": [
      "validation.in"
    ]
  }
}

Issue a new Access Token
POST /issue

Issues a new access token and starts an API session for a user on providing valid credentials.

The only supported grant types are password and refresh_token.


Revoke Tokens

POST auth/revoke
Requests: Password Revoke, Refresh Token Revoke
Headers
Content-Type: application/json
Body
{
  "token": "P731h8bKkq3uf100yviL9U7Lmhh31D3zJvkzIdyI",
  "token_type_hint": "access_token"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string"
    },
    "token_type_hint": {
      "type": "string"
    }
  },
  "required": [
    "token",
    "token_type_hint"
  ]
}
Responses: 200, 401, 422
Headers
Content-Type: application/json
Headers
Content-Type: application/json
Body
{
  "message": "The resource owner or authorization server denied the request."
}
Headers
Content-Type: application/json
Body
{
  "message": "Unprocessable Entity",
  "data": {
    "token_type_hint": [
      "validation.in"
    ]
  }
}
Request: Refresh Token Revoke
Headers
Content-Type: application/json
Body
{
  "token": "2QqPvkpSOAMBDheGvf4Rva42AgCv38WEHc9aoWbc",
  "token_type_hint": "refresh_token"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string"
    },
    "token_type_hint": {
      "type": "string"
    }
  },
  "required": [
    "token",
    "token_type_hint"
  ]
}
Responses: 200, 401, 422
Headers
Content-Type: application/json
Headers
Content-Type: application/json
Body
{
  "message": "The resource owner or authorization server denied the request."
}
Headers
Content-Type: application/json
Body
{
  "message": "Unprocessable Entity",
  "data": {
    "token_type_hint": [
      "validation.in"
    ]
  }
}

Revoke a Token
POST /revoke

Revokes an access or refresh token.

You must be successfully authorized for this to succeed, and the token to revoke must belong to the authorized user.

Note that once authorization succeeds, this will always respond with a 200 OK, regardless of whether the revocation could be performed.

Revocation is implemented roughly according to RFC 7009.
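
A client-side token lifecycle for the auth/issue and auth/revoke endpoints described above (password grant, refresh_token grant, revocation on logout), added here as an example and not part of the CMS project's own code. The `TokenSession` and `AuthError` names, the injected `post` transport and the use of an `Authorization: Bearer` header on auth/revoke are assumptions.

```python
import time

class AuthError(Exception):
    """Non-200 reply from auth/issue, or use before login."""

class TokenSession:
    def __init__(self, post, client_id, client_secret, skew=30):
        # post(path, body, headers) -> (status, dict) is an injected transport
        # (hypothetical signature); a real one sends the JSON body over HTTPS.
        self.post = post
        self.client = {"client_id": client_id, "client_secret": client_secret}
        self.skew = skew  # seconds before expiry at which to refresh
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _issue(self, grant):
        status, data = self.post("auth/issue", {**self.client, **grant},
                                 {"Content-Type": "application/json"})
        if status != 200:  # the documented 401 and 422 bodies carry "message"
            raise AuthError(f"{status}: {data.get('message')}")
        self.access, self.refresh = data["access_token"], data["refresh_token"]
        self.expires_at = time.monotonic() + data["expires_in"]

    def login(self, username, password):
        self._issue({"grant_type": "password",
                     "username": username, "password": password})

    def token(self):
        """Return an access token, using the refresh_token grant near expiry."""
        if self.refresh is None:
            raise AuthError("not logged in")
        if time.monotonic() >= self.expires_at - self.skew:
            self._issue({"grant_type": "refresh_token",
                         "refresh_token": self.refresh})
        return self.access

    def logout(self):
        """Revoke both tokens and return the two HTTP statuses."""
        if self.access is None:
            return []
        # Assumption: auth/revoke is authorized by the access token in a Bearer
        # header, so the access token goes last while it can still authorize.
        headers = {"Content-Type": "application/json",
                   "Authorization": f"Bearer {self.access}"}
        pairs = (("refresh_token", self.refresh), ("access_token", self.access))
        # A 200 does not prove revocation happened: forget the tokens up front.
        self.access = self.refresh = None
        return [self.post("auth/revoke", {"token": tok, "token_type_hint": hint},
                          headers)[0] for hint, tok in pairs]
```

Pass a `post` callable that wraps your HTTP client and keep `client_secret` and the returned tokens out of request logs.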


Generated by aglio on 04 Aug 2016