POST /auth/token

Request Information

As defined in the OAuth 2.0 protocol, the token request need to be formatted as application/x-www-form-urlencoded.

Resource Description

NameDescriptionTypeAdditional information
client_id

The unique identifier assigned to your application.

string

Required. Use HTTP Basic Authentication as stated in the Note section below.

client_secret

The password for your application.

string

Required. Use HTTP Basic Authentication as stated in the Note section below.

username

The email address of the calling user.

string

Required. Either use Unity credentials or GSM credentials. See Access to Console GSM API for further details about GSM authentication.

password

The password of the calling user.

string

Required. Either use Unity credentials or GSM credentials. See Access to Console GSM API for further details about GSM authentication.

grant_type

MUST be set to "password"

string

Required

scope

Defines the set of operations an access token is permitted to request.

string

Required. See Service Extensions and Scopes for further details.

Note

It is recommended to use the HTTP Basic Authentication scheme (as defined in RFC 2617) for client authentication. Only clients unable to directly utilize the HTTP Basic Authentication should send "client_id" and "client_secret" in the request body. In order for a client to use HTTP Basic Authentication, the following steps need to be performed:

  • Concatenate "client_id" and "client_secret" with a colon in between: {client_id}:{client_secret}
  • Base64-encode the concatenated string.
  • Add the following Authorization header to the request: Basic {Base64-encoded-string}

Request Format (with HTTP Basic Authentication)

POST /auth/token HTTP/1.1
Authorization: Basic bXlUZXN0QXBwOm15U2VjcmV0
Content-Type: application/x-www-form-urlencoded
username=test1%40email.com&password=pwd123&grant_type=password&scope=ecom.orders+ecom.licenses
        

Request Format (with "client_id" and "client_secret" in request body)

POST /auth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
client_id=myTestApp&client_secret=mySecret&username=test1%40email.com&password=pwd123&grant_type=password&scope=ecom.orders+ecom.licenses
        

Response Information

As defined in the OAuth 2.0 protocol, the token response is formatted as JSON.

Resource Description

NameDescriptionTypeAdditional information
access_token

The access token used to send authenticated requests to the Unity API.

string

Required

token_type

Identifies the type of token. This field is always set to "bearer".

string

Required

expires_in

The lifetime of the access token in seconds.

number

Required

refresh_token

The refresh token used for refreshing (obtaining a new) access token.

string

Required

scope

The set of operations the issued access token is permitted to request.

string

Required

Response Format

{
    "access_token": "E0wcZcGpktnJCiB5U-ftsWQ1t0_7m6ATX_NxznQO7QvbMKhIF09XqJCWI2NVCX1yoc36OlrrxRxPzjAD5OtKz2bBCZJ9e1tuej9eSkul9SXV0U4wijzDN-l7
                     l6jt161IKxTg-O8IG0MEO5FRzSJIsfSFWnKeSLQc-X7Rj0OBKQBb91NKpvietzm3jcKIhZlalFrBT7QWahV5yVEwI7khazPm-jWnX97WVBPUE9TIZTijP0jmM-d9wvl-L
                     xHtOELpZnl7jDybSzLZJX0vkG_lBGqtKMnrwXLvEQdRsRL3Vcuo10dJ3EC9VWI0j2F-3ryhJCzBWQ",
    "token_type": "bearer",
    "expires_in": 299,
    "refresh_token": "276927f4e97a46db8b94fda24d52d93d",
    "scope": "[\"ECom.Licenses\",\"ECom.Orders\"]"
}