Access Tokens

Download Spec

All authentication related paths.

Get an access token for requested scopes

post /auth/token

Get an access token to use with the API with specified scopes.

You should always scope your access tokens. You get one for read-access and separate ones for updating, creating or deleting resources.

upvest-client-id

string

uuid

required

Tenant Client ID

Example
"ebabcf4d-61c3-4942-875c-e265a7c2d062"

signature

string

required

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-http-header

signature-input

string

required

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-input-http-he

upvest-api-version

string

Upvest API version (Note: Do not include quotation marks)

Default
"1"
Enum
  • 1
Example
1

client_id

string

uuid

required

Client ID given during onboarding.

client_secret

string

required

Client Secret given during onboarding.

Max Length
1000

grant_type

string

required

This must always be client_credentials.

Default
"client_credentials"

scope

string

required

List of space delimited scopes to request for this access token.

Max Length
1000

Request

{
  "client_id": "363f3305-7ab0-4e82-a158-f9d382ad08b6",
  "client_secret": "WHIW1yic-ouct3sceh",
  "grant_type": "client_credentials",
  "scope": "users:read"
}

Response

Examples Schema

Access token successfully generated.

{
  "access_token": "token.signature",
  "expires_in": 86400,
  "token_type": "bearer",
  "scope": "users:read"
}

Bad Request. The incoming request had a malformed parameter/object.

{
  "status": 400,
  "type": "bad_request"
}

Unauthorized. The caller has not been authenticated.

{
  "status": 401,
  "type": "unauthorized"
}

Forbidden. The caller has been authenticated but is not allowed to take the requested action.

{
  "status": 403,
  "type": "forbidden"
}

Not Acceptable. The resource does not have a current representation that would be acceptable to the user agent. "Accept" header defined unsupported value.

{
  "status": 406,
  "type": "not_acceptable"
}

Too Many Requests. The caller has exceeded their quota for the time period and has been throttled.

{
  "status": 429,
  "type": "too_many_requests"
}

Internal Server Error. The service encountered an unexpected error.

{
  "status": 500,
  "type": "internal_server_error"
}

Service Unavailable. The service handling for this request cannot be reached at this time.

{
  "status": 503,
  "type": "method_not_allowed"
}

Gateway Timeout. The service gateway has reached its internal timeout.

{
  "status": 504,
  "type": "gateway_timeout"
}

access_token

string

required

The generated access token.

Max Length
1000

expires_in

int

required

How many seconds the access token is valid for.

token_type

string

required

This is always 'bearer'.

Default
"bearer"

scope

string

required

List of space delimited scopes requested for this access token.

Max Length
1000

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Was this page helpful?