RightSignature

Supported Formats

json

POST /oauth/token
Request an Access Token

Requesting an Access Token:

Once an authorization code is obtained, it can be exchanged for an access token. Access tokens expire after two hours but can be re-issued by using the refresh token.

If successfull the access token can be used in subsequent requests to the api. This can be accomplished by including in the header of the request or as a query parameter.

Supported Formats

json

Errors

Code Description Metadata
403 Forbidden
- OAuth2 Error

Examples

Creating a new OAuth2 Token

  POST application/x-www-form-urlencoded:

  curl -F grant_type=authorization_code \
  -F client_id=CLIENT_ID \
  -F client_secret=CLIENT_SECRET \
  -F code=AUTHORIZATION_CODE_FROM_REDIRECT \
  -F redirect_uri=REDIRECT_URI \
  -X POST https://api.rightsignature.com/oauth/token


  RESPONSE:

  {
    "access_token":  ACCESS_TOKEN,
    "token_type":    "bearer",
    "expires_in":    7200,
    "refresh_token": REFRESH_TOKEN,
    "scope":         "read",
    "created_at":    1573626319
  }

================================================================================

Refreshing an existing OAuth2 Token

  POST application/x-www-form-urlencoded:

  curl -F grant_type=refresh_token \
  -F refresh_token=REFRESH_TOKEN \
  -F client_id=CLIENT_ID \
  -F client_secret=CLIENT_SECRET
  -X POST https://api.rightsignature.com/oauth/token


  RESPONSE:

  {
    "access_token":  ACCESS_TOKEN,
    "token_type":    "bearer",
    "expires_in":    7200,
    "refresh_token": REFRESH_TOKEN,
    "scope":         "read",
    "created_at":    1573626319
  }
HEADER:

curl --header "Authorization: Bearer a503faf9-45b5-4fec-8334-337284a66ea4" https://api.rightsignature.com/public/v1/documents/12345678

QUERY PARAMETER:

curl https://api.rightsignature.com/public/v1/documents/12345678?access_token=a503faf9-45b5-4fec-8334-337284a66ea4

Params

Param name Description
client_id
required

The API Key's Client ID

Validations:

  • Must be a String

client_secret
required

The API Key's Client Secret

Validations:

  • Must be a String

redirect_uri
required

The API Key's redirect uri that was used in the authorization grant request

Validations:

  • Must be a String

code
required

The code that was included as a param in the redirect after authorizing

Validations:

  • Must be a String


POST /oauth/revoke
Revoke an existing Access Token

Revoking an Access Token

Revoking an access token will delete it from the server.

There are 2 ways to authenticate using your client credentials:

  • Using basic auth with the client id as username and secret as password

  • with parameters `client_id` and `client_secret`

This endpoint will always return a 200 response, as per RFC7009.

Supported Formats

json

Errors

Code Description Metadata
403 Forbidden
- OAuth2 Error

Examples

POST application/x-www-form-urlencoded:

curl -d 'token=ACCESS_TOKEN_TO_EXPIRE' -X POST -u 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' https://api.rightsignature.com/oauth/revoke

RESPONSE:
{}

Params

Param name Description
token
required

The access token to be revoked

Validations:

  • Must be a String