Operating Model:
Operating Model:

Access Tokens

Download Spec

All authentication related paths.

Get an access token for requested scopes

post /auth/token

Get an access token to use with the API with specified scopes.

You should always scope your access tokens. You get one for read-access and separate ones for updating, creating or deleting resources.

upvest-client-id

string

uuid

required

Example
"ebabcf4d-61c3-4942-875c-e265a7c2d062"

signature

string

required

signature-input

string

required

upvest-api-version

string

Default
"1"
Enum
  • 1

application/x-www-form-urlencoded

client_id

string

uuid

required

Client ID given during onboarding.

client_secret

string

required

Client Secret given during onboarding.

Max Length
1000

grant_type

string

required

This must always be client_credentials.

Default
"client_credentials"

scope

string

required

List of space delimited scopes to request for this access token.

Max Length
1000

Responses

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/json

access_token

string

required

The generated access token.

Max Length
1000

expires_in

int

required

How many seconds the access token is valid for.

token_type

string

required

This is always 'bearer'.

Default
"bearer"

scope

string

required

List of space delimited scopes requested for this access token.

Max Length
1000

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Response Headers

upvest-request-id

string

uuid

Example
"169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Conveying the HTTP status code; this is so that all information is in one place, but also to correct for changes in the status code due to the usage of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Request Examples

{
  "client_id": "363f3305-7ab0-4e82-a158-f9d382ad08b6",
  "client_secret": "WHIW1yic-ouct3sceh",
  "grant_type": "client_credentials",
  "scope": "users:read"
}

Response Examples

{
  "access_token": "token.signature",
  "expires_in": 86400,
  "scope": "users:read",
  "token_type": "bearer"
}
{
  "status": 400,
  "type": "bad_request"
}
{
  "status": 401,
  "type": "unauthorized"
}
{
  "status": 403,
  "type": "forbidden"
}
{
  "status": 406,
  "type": "not_acceptable"
}
{
  "status": 429,
  "type": "too_many_requests"
}
{
  "status": 500,
  "type": "internal_server_error"
}
{
  "status": 503,
  "type": "method_not_allowed"
}

Was this page helpful?