ORESTAPI oauth2 access_token



About access_token



Request - authorization_code

ItemDescriptionNotes
endpoint/orestapi/oauth2/access_token
http methodPOST
Header
Authorization

OAuth


Parametershttps://tools.ietf.org/html/rfc6749#section-4.1.1
grant_type

REQUIRED

Value MUST be set to "authorization_code".

Use "authorization_code", it is a static value

code

REQUIRED

The authorization code received from the authorization server

Created during ORESTAPI oauth2 authorization
redirect_uri

REQUIRED

x-www-form-urlencoded format

If the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.

client_id

REQUIRED


The client_id of the application making the request
client_secret

REQUIRED

The client_secret of the application making the request


Request - refresh_token

ItemDescriptionNotes
endpoint/orestapi/oauth2/access_tokendedikált, saját fejlesztésű endpoint oauth2 authorization code access_token folyamathoz
http methodPOST
Header
authorization

Basic

"Basic" + " " + base64 encoded client_id:client_secret

Parameters

grant_type

REQUIRED

Value MUST be set to "refresh_token"

Use "reresh_token", it is a static value

refresh_token

REQUIRED

The refresh_token

Should be valid, if not, error is returned


Response

ParentKeyValue TypeDescriptionNotes
-
access_token
string

Generated by Odoo

Reusable within expiry.

See settings at ORESTAPI Applications

-
token_type
string

Bearer

Static value

-
expires_in
integer360 secondsSee settings at ORESTAPI Applications
-
refresh_token
string

Generated by Odoo

Reusable within expiry

Expires in 3600s (10x the access_token). Upon every successful access_token request a new refresh_token is generated, so the validity time is prolonged.