Explore

Discover Start Explore Model Integrate Engage

Discover Start Explore Model Integrate Engage

Accelerate the Value of Data

Explore

Explore Contents

Get a crash course

Get to know Reltio

Get your bearings in Reltio

Chart your course

Embark on your journey

Get going with APIs and ROCS utilities

Reltio REST APIs

Explore APIs

Authentication API

Access Token Response

Access Token Response

If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token.

The authorization response is constructed by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code:

Table 1. Access Token Authorization Response Parameters
Token	Option	Description
`access_token`	REQUIRED	The access token issued by the authorization server.
`token_type`	REQUIRED	The type of the token issued. Value is case insensitive.
`expires_in`	RECOMMENDED	The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.
`refresh_token`	OPTIONAL	The refresh token, which can be used to obtain new access tokens using the same authorization grant.
`scope`	OPTIONAL	Identical to the scope of the configured application client.

Note: A refresh token WILL NOT be included.

Successful Response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
 
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"example",
"expires_in":3600,
}

Error Response

If the request failed client authentication or is invalid, the authorization server returns a single ASCII (USASCII) error code response of one of the following.


Error	Description
`invalid_request`	The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.
`invalid_client`	Client authentication failed (For example: unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an `HTTP 401` (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an `HTTP 401` (Unauthorized) status code and include the "`WWW-Authenticate`" response header field matching the authentication scheme used by the client.
`invalid_grant`	The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
`unauthorized_client`	The authenticated client is not authorized to use this authorization grant type.
`unsupported_grant_type`	The authorization grant type is not supported by the authorization server.
`invalid_scope`	The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.

Updated on March 6, 2024

You've found your way to a temporary environment. Content is not complete or final. Looking for Reltio documentation? Go to docs.reltio.com.