Operating Model:

Access Tokens

Download Spec

All authentication related paths.

Get an access token for requested scopes

post /auth/token

Get an access token to use with the API with specified scopes.

You should always scope your access tokens. You get one for read-access and separate ones for updating, creating or deleting resources.

upvest-client-id

string

uuid

required

Tenant Client ID

Example
"ebabcf4d-61c3-4942-875c-e265a7c2d062"

signature

string

required

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-http-header

signature-input

string

required

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-input-http-he

upvest-api-version

string

Upvest API version (Note: Do not include quotation marks)

Default
"1"
Enum
  • 1
Example
1

application/x-www-form-urlencoded

client_id

string

uuid

required

Client ID given during onboarding.

client_secret

string

required

Client Secret given during onboarding.

Max Length
1000

grant_type

string

required

This must always be client_credentials.

Default
"client_credentials"

scope

string

required

List of space delimited scopes to request for this access token.

Max Length
1000

Responses

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/json

access_token

string

required

The generated access token.

Max Length
1000

expires_in

int

required

How many seconds the access token is valid for.

token_type

string

required

This is always 'bearer'.

Default
"bearer"

scope

string

required

List of space delimited scopes requested for this access token.

Max Length
1000

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Request Examples

{
  "client_id": "363f3305-7ab0-4e82-a158-f9d382ad08b6",
  "client_secret": "WHIW1yic-ouct3sceh",
  "grant_type": "client_credentials",
  "scope": "users:read"
}

Response Examples

{
  "access_token": "token.signature",
  "expires_in": 86400,
  "scope": "users:read",
  "token_type": "bearer"
}
{
  "status": 400,
  "type": "bad_request"
}
{
  "status": 401,
  "type": "unauthorized"
}
{
  "status": 403,
  "type": "forbidden"
}
{
  "status": 406,
  "type": "not_acceptable"
}
{
  "status": 429,
  "type": "too_many_requests"
}
{
  "status": 500,
  "type": "internal_server_error"
}
{
  "status": 503,
  "type": "method_not_allowed"
}

Was this page helpful?