SugarCRM SupportProduct GuidesSugar DeveloperSugar Developer Guide 10.3IntegrationWeb ServicesREST APIEndpoints/oauth2/token POST
This release is only available for SugarCloud customers.

/oauth2/token POST

Overview

Retrieves the token portion of the OAuth 2.0 specification.

Request Arguments

Name Type Description Required
grant_type String Type of request. Available grant types are "password" and "refresh_token". True
client_id String Used to identify the client. A client_id of "sugar" will automatically create an OAuth Key in the system that is used for "password" authentication. A client_id of "support_portal" will create an OAuth Key that will allow for portal authentication. Additional client_id's can be created by the administrator in Admin > OAuth Keys to allow for additional grant types. If the client secret is populated, it will be validated against the client id. True
client_secret; String The clients secret key. True
username String The username of the user authenticating to the system. True
password String The plaintext password the user authenticating to the system. True
platform String The platform type. Available types are "base", "mobile", and "portal". True

Request for Password Grant Types

{
   "grant_type":"password",
   "client_id":"sugar",
   "client_secret":"",
   "username":"admin",
   "password":"password",
   "platform":"base"
}

Request for Refresh Token Grant Types

{
    "grant_type":"refresh_token",
    "refresh_token":"c1be5132-655b-1ca3-fb44-512e36709871",
    "client_id":"sugar",
    "client_secret":"",
    "platform":"base"
}

Response Arguments

Name Type Description
access_token String The access token needed to authenticate for other methods.
expires_in Integer The length of time until access_token expires in seconds.
token_type String The token type. Currently only "bearer" is supported.
null|   The Oauth scope. Normally returned as null.
refresh_token String The token needed to extend the access_token expiration timeout.
refresh_expires_in Integer The length of time until refresh_token expires in seconds.
download_token String The token used to download images and files.

Response

{
   "access_token":"802b64c0-5eac-8431-a541-5342d38ac527",
   "expires_in":3600,
   "token_type":"bearer",
   "scope":null,
   "refresh_token":"85053198-24b1-4521-b1a1-5342d382e0b7",
   "refresh_expires_in":1209600,
   "download_token":"8c9b5461-0d95-8d87-6084-5342d357b39e"
}

Change Log

Version Change
v10 Added /oauth2/token POST endpoint.

Last modified: 2021-01-06 23:28:41