API version:
Oauth tokens
OAuth 2.0 Access Token
Supported Formats
json
POST /oauth/token
Request an Access Token
Requesting an Access Token:
Once an authorization code is obtained, it can be exchanged for an access token. Access tokens expire after two hours but can be re-issued by using the refresh token.
If successfull the access token can be used in subsequent requests to the api. This can be accomplished by including in the header of the request or as a query parameter.
Supported Formats
jsonErrors
Code | Description | Metadata |
---|---|---|
403 | Forbidden | - OAuth2 Error |
Examples
Creating a new OAuth2 Token POST application/x-www-form-urlencoded: curl -F grant_type=authorization_code \ -F client_id=CLIENT_ID \ -F client_secret=CLIENT_SECRET \ -F code=AUTHORIZATION_CODE_FROM_REDIRECT \ -F redirect_uri=REDIRECT_URI \ -X POST https://api.rightsignature.com/oauth/token RESPONSE: { "access_token": ACCESS_TOKEN, "token_type": "bearer", "expires_in": 7200, "refresh_token": REFRESH_TOKEN, "scope": "read", "created_at": 1734566431 } ================================================================================ Refreshing an existing OAuth2 Token POST application/x-www-form-urlencoded: curl -F grant_type=refresh_token \ -F refresh_token=REFRESH_TOKEN \ -F client_id=CLIENT_ID \ -F client_secret=CLIENT_SECRET -X POST https://api.rightsignature.com/oauth/token RESPONSE: { "access_token": ACCESS_TOKEN, "token_type": "bearer", "expires_in": 7200, "refresh_token": REFRESH_TOKEN, "scope": "read", "created_at": 1734566431 }
HEADER: curl --header "Authorization: Bearer a503faf9-45b5-4fec-8334-337284a66ea4" https://api.rightsignature.com/public/v1/documents/12345678 QUERY PARAMETER: curl https://api.rightsignature.com/public/v1/documents/12345678?access_token=a503faf9-45b5-4fec-8334-337284a66ea4
Params
Param name | Description |
---|---|
client_id required |
The API Key's Client ID Validations:
|
client_secret required |
The API Key's Client Secret Validations:
|
redirect_uri required |
The API Key's redirect uri that was used in the authorization grant request Validations:
|
code required |
The code that was included as a param in the redirect after authorizing Validations:
|
POST /oauth/revoke
Revoke an existing Access Token
Revoking an Access Token
Revoking an access token will delete it from the server.
There are 2 ways to authenticate using your client credentials:
-
Using basic auth with the client id as username and secret as password
-
with parameters `client_id` and `client_secret`
This endpoint will always return a 200 response, as per RFC7009.
Supported Formats
jsonErrors
Code | Description | Metadata |
---|---|---|
403 | Forbidden | - OAuth2 Error |
Examples
POST application/x-www-form-urlencoded: curl -d 'token=ACCESS_TOKEN_TO_EXPIRE' -X POST -u 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' https://api.rightsignature.com/oauth/revoke RESPONSE: {}
Params
Param name | Description |
---|---|
token required |
The access token to be revoked Validations:
|