POST /auth/token
Request Information
As defined in the OAuth 2.0 protocol, the token request need to be formatted as application/x-www-form-urlencoded.
Resource Description
| Name | Description | Type | Additional information |
|---|---|---|---|
| client_id |
The unique identifier assigned to your application. |
string |
Required. Use HTTP Basic Authentication as stated in the Note section below. |
| client_secret |
The password for your application. |
string |
Required. Use HTTP Basic Authentication as stated in the Note section below. |
| refresh_token |
The refresh token received from the previous token request. |
string |
Required |
| grant_type |
MUST be set to "refresh_token" |
string |
Required |
| scope |
Defines the set of operations an access token is permitted to request. |
string |
Required. See Service Extensions and Scopes for further details. |
Note
It is recommended to use the HTTP Basic Authentication scheme (as defined in RFC 2617) for client authentication. Only clients unable to directly utilize the HTTP Basic Authentication should send "client_id" and "client_secret" in the request body. In order for a client to use HTTP Basic Authentication, the following steps need to be performed:
- Concatenate "client_id" and "client_secret" with a colon in between: {client_id}:{client_secret}
- Base64-encode the concatenated string.
- Add the following Authorization header to the request: Basic {Base64-encoded-string}
Request Format (with HTTP Basic Authentication)
POST /auth/token HTTP/1.1 Authorization: Basic bXlUZXN0QXBwOm15U2VjcmV0 Content-Type: application/x-www-form-urlencoded refresh_token=e638d190ecec49aa80157e86fb11e4e5&grant_type=refresh_token&scope=ecom.shop
Request Format (with "client_id" and "client_secret" in request body)
POST /auth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded client_id=myTestApp&client_secret=mySecret&refresh_token=e638d190ecec49aa80157e86fb11e4e5&grant_type=refresh_token&scope=ecom.shop
Response Information
As defined in the OAuth 2.0 protocol, the token response is formatted as JSON.
Resource Description
| Name | Description | Type | Additional information |
|---|---|---|---|
| access_token |
The access token used to send authenticated requests to the Unity API. |
string |
Required |
| token_type |
Identifies the type of token. This field is always set to "bearer". |
string |
Required |
| expires_in |
The lifetime of the access token in seconds. |
number |
Required |
| refresh_token |
The refresh token used for refreshing (obtaining a new) access token. |
string |
Required |
| scope |
The set of operations the issued access token is permitted to request. |
string |
Required |
Response Format
{
"access_token": "E0wcZcGpktnJCiB5U-ftsWQ1t0_7m6ATX_NxznQO7QvbMKhIF09XqJCWI2NVCX1yoc36OlrrxRxPzjAD5OtKz2bBCZJ9e1tuej9eSkul9SXV0U4wijzDN-l7
l6jt161IKxTg-O8IG0MEO5FRzSJIsfSFWnKeSLQc-X7Rj0OBKQBb91NKpvietzm3jcKIhZlalFrBT7QWahV5yVEwI7khazPm-jWnX97WVBPUE9TIZTijP0jmM-d9wvl-L
xHtOELpZnl7jDybSzLZJX0vkG_lBGqtKMnrwXLvEQdRsRL3Vcuo10dJ3EC9VWI0j2F-3ryhJCzBWQ",
"token_type": "bearer",
"expires_in": 299,
"refresh_token": "276927f4e97a46db8b94fda24d52d93d",
"scope": "[\"ECom.Shop\"]"
}