Access Tokens
Access tokens provide temporary, secure access to the API.
An access token is a unique string that identifies a user and can be used by an app to make API calls. Access tokens can be obtained via one of the OAuth Grant Flows. Tokens include information about when they expire, their scope (which actions they are permitted to take), and which app was used to generate the token.
Every API request requires an access token.
Example access token response from the Authorization Grant Flow:
{
"access_token": "bb409c5df82f2cbb6bcc68718dc6ac7ce66c8be6",
"refresh_token": "bdfcc3a19a8a286934cd357ecf1fff2e96c5f50f",
"expires": "2020-04-13T03:33:41.000Z",
"expires_in": 776000,
"scope": "write",
"token_type": "Bearer"
}
Access Token Properties
Property | Description |
---|---|
access_token | Include this in the Authorization Header when making an API request |
refresh_token | This token can be used to generate a new access token. |
expires | Token expiration date in ISO8061 date format. |
expires_in | Seconds until token expires. |
scope | The actions the token is permitted to take. |
token_type | Type of token. For access tokens this is "Bearer". |
Using an Access Token
API requests are authenticated by including an access token in the Authorization Header with a "Bearer" prefix. You can validate an access token and identify its owner like this:
GET https://api-v2.liondesk.com//me
headers: {
Authorization: "Bearer [access token]",
Content-Type: "application/json"
}
If the token is valid, the token owner will be returned like so:{
"id": 1001,
"first_name": "Steve",
"last_name": "Jobs",
"email": "steve@apple.com",
"timezone_offset": -8,
"created_at": "2013-10-05T06:36:01.000Z",
"modified_at": "2016-12-06T04:02:29.000Z",
"timezone": "America/Los_Angeles"
}
Generating Tokens
Once you create an application, you can generate tokens for yourself and others.
- You can generate a token for yourself by selecting one of your applications and clicking the "Reveal My Access Token" button.
- To generate tokens for other users you'll need to implement one of the OAuth Grant Flows.