Authentication
Passing access tokens
Each API request, regardless of whether you used Client Credentials, or Authorization Code flow will need an Authorization header passing. The access token should be prefixed with the string Bearer
, e.g.
Authorizaton: Bearer <ACCESS_TOKEN>
Access token expiration
Access tokens expire. If this happens you will receive an HTTP 401 Unauthorized
response.
Check the WWW-Authenticate
header for more details. A typical error would be:
Bearer error="invalid_token", error_description="The token expired at '12/23/2020 10:27:15'"
If you are using Authorization Code flow and requested a refresh token, using the offline_access
scope, then you can use the refresh token to request a new access token.
Date/time parameters
Dates or date/times should be passed and received formatted to RFC 3339. This is essentially ISO 8601 format.
Example | Description |
---|---|
2020-12-25 | Effectively 2020-12-25T00:00:00 |
2020-12-25T10:50:00Z | 10:50am UTC on 25 December 2020 |
2020-12-25T10:50:00.5095207Z | High precision date/time |
Comments
0 comments
Please sign in to leave a comment.