Access Tokens

Access tokens provide temporary, secure access to the API.

An access token is a unique string that identifies a user and can be used by an app to make API calls. Access tokens can be obtained via one of the OAuth Grant Flows. Tokens include information about when they expire, their scope (which actions they are permitted to take), and which app was used to generate the token.

Every API request requires an access token.

Example access token response from the Authorization Grant Flow:

{ "access_token": "bb409c5df82f2cbb6bcc68718dc6ac7ce66c8be6", "refresh_token": "bdfcc3a19a8a286934cd357ecf1fff2e96c5f50f", "expires": "2020-04-13T03:33:41.000Z", "expires_in": 776000, "scope": "write", "token_type": "Bearer" }

Access Token Properties
PropertyDescription
access_tokenInclude this in the Authorization Header when making an API request
refresh_tokenThis token can be used to generate a new access token.
expiresToken expiration date in ISO8061 date format.
expires_inSeconds until token expires.
scopeThe actions the token is permitted to take.
token_typeType of token. For access tokens this is "Bearer".

Using an Access Token

API requests are authenticated by including an access token in the Authorization Header with a "Bearer" prefix. You can validate an access token and identify its owner like this:

GET https://api-v2.liondesk.com//me headers: { Authorization: "Bearer [access token]", Content-Type: "application/json" }

If the token is valid, the token owner will be returned like so:{ "id": 1001, "first_name": "Steve", "last_name": "Jobs", "email": "steve@apple.com", "timezone_offset": -8, "created_at": "2013-10-05T06:36:01.000Z", "modified_at": "2016-12-06T04:02:29.000Z", "timezone": "America/Los_Angeles" }

Generating Tokens

Once you create an application, you can generate tokens for yourself and others.