Token
https://sandbox-idp.ddp.akoya.com/token
The token endpoint is used to obtain tokens during authorization or to refresh tokens without having to go through authorization again. In each successful token response, you will receive a new id_token and a new refresh_token.
Obtain tokens
To obtain the initial set of tokens or to reauthorize, you will need the following:
grant_type must be set to authorization_code.
redirect_uri must be the same as your app's registered redirect_uri.
code is the authorization code from the end-user's authentication flow. See: Get authorization code.
Security: Include Basic Auth in the header of the call. Select "Basic Auth" in Try it and use your client_id and client_secret as username & password.
Refresh tokens
Refresh token expiration times are set by the provider.
grant_type must be set to refresh_token.
refresh_token must be set to the refresh token received in the most recent, previous obtain or refresh token call for your end-user.
Security: Include your client_id and client_secret in the body of the request. Remove any information from "Basic Auth" (username and password) in Try it.
Responses
Token requests return a new set of tokens. If refreshing or reauthorizing tokens, they will replace the tokens from your previous, successful obtain or refresh token call.
The id_token (JWT) is a short-lived token. It's used as the bearer token for data calls. To ensure data calls are secure, the id_token must be renewed regularly. To retrieve a new id_token, use the refresh token request. Read more about tokens.
Form Data
Obtain tokens
The issued JWT will have an expiration that is set by the provider and will be valid only for the data permissioned by the end-user. Required: - grant_type. Use authorization_code as the grant type. - redirect_uri. You must include your app's registered redirect uri. - code. To obtain id and refresh tokens, you must first obtain an authorization code. Pass it in the body of the request as code. Note, the code expires in 5 minutes.
grant_type*
string
Default
authorization_code
Set to `authorization_code` to indicate an authorization code will be returned
redirect_uri*
string
URI where user will be redirected after end-users authorization is complete. It must be the same as the URI called in the authorization request
code*
string
Authorization code from end-user's authentication.
Refresh tokens
Once the ID Token expires, you will need to call the token endpoint to obtain a new set of tokens. The refresh token expiration is set by the data provider.
grant_type*
string
Default
refresh_token
Set to `refresh_token` to indicate a new id token will be returned
refresh_token*
string
The refresh token
client_id*
string
Your app's client ID from Akoya
client_secret*
string
Your app's Client secret
Responses
200
OK
Response
Response Body
object
token_type
string
expires_in
integer
refresh_token
string
id_token
string
400
Bad Request
Response Body
error
string
error
error_description
string
error_description
401
Unauthorized
Response Body
error
string
error
error_description
string
error_description
Table of contents
Try it
Authorization
const options = {
"method": "POST",
"headers": {
"accept": "application/x-www-form-urlencoded",
"content-type": "application/x-www-form-urlencoded"
},
"body": new URLSearchParams({
"grant_type": "authorization_code",
"redirect_uri": "",
"code": ""
})
}};
fetch('https://sandbox-idp.ddp.akoya.com/token', options)
.then(response => response.json())
.catch(err => console.error(err));