Token Endpoint
POST/openapi/v1/oauth/token
Obtain an access token for server-to-server API calls.
Submit your client_id, client_secret, and the target space_id to receive a Bearer token. The token is valid for 1 hour; cache it and request a new one ~60 seconds before expiry.
Request Parameters
Request Body
application/x-www-form-urlencodedgrant_typeRequiredstring
Must be `client_credentials`.
client_credentials
client_idRequiredstring
The app's `client_id`.
client_secretRequiredstring(password)
The app's `client_secret`. Keep this value secure on your server; never expose it to clients.
space_idRequiredstring
The Space (tenant) to act within. The app must be installed in this Space.
scopeOptionalstring
Space-separated scopes to request. If omitted, defaults to all scopes granted to this app in the specified Space.
Request Example
"grant_type=client_credentials&client_id=SGCLxQk2mN8pR4vW1yH3jT5bZ6aE7cF0&client_secret=Kj3mN8pR4vW1xZ6bY2qT5hE9gA0cF7dLsUr4Qz8P&space_id=SGSPxQk2mN8pR4vW1yH3jT5bZ6aE7cF0&scope=envelope%3Acreate+envelope%3Aread"Response Parameters
Response.Data
access_tokenRequiredstring
JWT access token. Valid for 1 hour.
token_typeRequiredstring
Always `Bearer`.
Bearer
expires_inRequiredinteger
Access token lifetime in seconds.
scopeOptionalstring
The scopes granted.
Response Example
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "envelope:create envelope:read"
}Error Codes
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | invalid_request | Missing required parameters |
| 400 | invalid_scope | Requested scope exceeds granted scope |
| 400 | invalid_grant | Authorization grant is invalid or expired |
| 400 | unsupported_grant_type | Unsupported grant_type |
| 401 | invalid_client | Invalid client_secret |
| 401 | invalid_client | Unknown or suspended client |
| 500 | server_error | Internal server error. |