Authentication (OAuth)
Overview
Tencent eSign OAuth 2.0 Authorization Service provides secure API access for application integrations.
Supported Grant Type:
client_credentials— Server-to-server integration. Confidential clients only (client_secretrequired).
Client Credentials Flow
Steps:
- Backend service posts directly to
POST /openapi/v1/oauth/tokenwithclient_credentialsgrant - Authorization Server authenticates client, validates Space membership and scope
- Issues
access_token(1h) — norefresh_tokenfor this grant type - Service caches token and re-requests ~60s before expiry
Token Lifecycle
| Token | TTL | Storage | Notes |
|---|---|---|---|
| Access Token | 1 hour | JWT (stateless) | — |
Scope Format
Scopes are space-separated strings: envelope:create envelope:read
Currently supported scopes:
envelope:create— Create and send envelopesenvelope:read— Read envelope status and details