Auth API
POST /auth/oauth2/token
This API grants an access token for service accounts using the OAuth2 Client Credentials flow.
Operation: the server validates the service account credentials and grants a valid access token for authenticated service accounts.
Required Fields:
- grant_type (string, required): Must be "client_credentials" (fixed value).
- client_id (string, required): Service account nickname.
- client_secret (string, required): Service account API key (either apiKey0 or apiKey1).
Optional Fields:
- ttl (number, optional): Token expiration time in seconds. Must be greater than 0 and less than or equal to 3600 (1 hour). Defaults to 600 seconds (10 minutes) if not specified.
Example Request (JSON)
POST /auth/oauth2/token
Content-Type: application/json
{
  "grant_type": "client_credentials",
  "client_id": "<service_account_nick>",
  "client_secret": "<api_key>",
  "ttl": 3600
}
Error Handling
404 Not Found
- Condition: The feature has not been enabled. Contact Case IQ support for assistance.
- Response: Endpoint returns 404.
501 Not Implemented
- Condition: Invalid grant_type value (must be "client_credentials").
- Response Body:
{
  "error": "unsupported_grant_type"
}
401 Unauthorized
- Condition: Invalid client_id or client_secret (service account credentials).
- Response Body:
{
  "error": "invalid_client"
}
400 Bad Request - Invalid TTL
- Condition: ttl value fails validation (must be: 0 < value <= 3600)
- Response Body:
{
  "error": "invalid_request",
  "error_description": "Requested ttl of <value> is greater than the maximum value 3600"
}
400 Bad Request - Invalid Scope
- Condition: Request includes a scope parameter (scope is not supported).
- Response Body:
{
  "error": "invalid_scope",
  "error_description": "Scope is not supported"
}
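Example client (added here for illustration, not Case IQ's own code): it checks ttl against the documented bounds before sending, refuses to send client_secret over a non-HTTPS URL, and maps each documented error response to an operator hint. The names build_body, request_token, TokenError and HINTS, the base_url parameter and the integer-only ttl check are assumptions of this example. The success response is returned as parsed JSON without assuming its field names, since this page does not document them.

```python
import json
import urllib.error
import urllib.request

MAX_TTL = 3600  # documented upper bound in seconds
# Documented (status, error) pairs mapped to an operator-facing hint.
HINTS = {
    (404, None): "feature not enabled; contact support, do not retry",
    (501, "unsupported_grant_type"): "grant_type must be client_credentials",
    (401, "invalid_client"): "client_id or client_secret rejected",
    (400, "invalid_request"): "ttl failed validation (0 < ttl <= 3600)",
    (400, "invalid_scope"): "remove the scope parameter",
}

class TokenError(Exception):
    def __init__(self, status, error, hint):
        super().__init__(f"{status} {error}: {hint}")  # never includes the secret
        self.status, self.error, self.hint = status, error, hint

def build_body(client_id, client_secret, ttl=None):
    """Build the JSON body, rejecting a ttl the server would answer with 400."""
    body = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if ttl is not None:
        # Assumption of this example: only whole seconds are accepted.
        if isinstance(ttl, bool) or not isinstance(ttl, int) or not 0 < ttl <= MAX_TTL:
            raise ValueError(f"ttl must satisfy 0 < ttl <= {MAX_TTL}")
        body["ttl"] = ttl
    return body  # no "scope" key: the endpoint rejects it

def request_token(base_url, client_id, client_secret, ttl=None,
                  opener=urllib.request.urlopen):
    """POST to /auth/oauth2/token; return the parsed JSON response unchanged."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send client_secret over a non-HTTPS URL")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/auth/oauth2/token",
        data=json.dumps(build_body(client_id, client_secret, ttl)).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with opener(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        raw = exc.read() or b"{}"
        try:
            error = json.loads(raw).get("error")
        except (ValueError, AttributeError):
            error = None  # e.g. a 404 with an empty or non-JSON body
        hint = HINTS.get((exc.code, error), "undocumented response")
        raise TokenError(exc.code, error, hint) from None
```

Load client_secret from a secret store or environment variable rather than source code; the opener parameter exists so the function can be exercised without network access.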