Conventions

Authentication

Passing access tokens

Each API request, regardless of whether you used Client Credentials, or Authorization Code flow will need an Authorization header passing. The access token should be prefixed with the string Bearer , e.g.

Authorizaton: Bearer <ACCESS_TOKEN>

Access token expiration

Access tokens expire. If this happens you will receive an HTTP 401 Unauthorized response.

Check the WWW-Authenticate header for more details. A typical error would be:

Bearer error="invalid_token", error_description="The token expired at '12/23/2020 10:27:15'"

If you are using Authorization Code flow and requested a refresh token, using the offline_access scope, then you can use the refresh token to request a new access token.

Date/time parameters

Dates or date/times should be passed and received formatted to RFC 3339. This is essentially ISO 8601 format.

Example Description
2020-12-25 Effectively 2020-12-25T00:00:00
2020-12-25T10:50:00Z 10:50am UTC on 25 December 2020
2020-12-25T10:50:00.5095207Z High precision date/time

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.