Access Tokens

All authentication related paths.

Get an access token for requested scopes

post /auth/token

Get an access token to use with the API with specified scopes.

You should always scope your access tokens. You get one for read-access and separate ones for updating, creating or deleting resources.

Headers

upvest-client-id

string

uuid

required

Tenant Client ID

Example: "ebabcf4d-61c3-4942-875c-e265a7c2d062"

signature

string

required

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-http-header

signature-input

string

required

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-input-http-he

upvest-api-version

string

Upvest API version (Note: Do not include quotation marks)

Default: "1"
Enum: 1
Example: 1

Request Body

application/x-www-form-urlencoded

client_id

string

uuid

required

Client ID given during onboarding.

client_secret

string

required

Client Secret given during onboarding.

Max Length: 1000

grant_type

string

required

This must always be client_credentials.

Default: "client_credentials"

scope

string

required

List of space delimited scopes to request for this access token.

Max Length: 1000

Responses

200

Access token successfully generated.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/json

access_token

string

required

The generated access token.

Max Length: 1000

expires_in

int

required

How many seconds the access token is valid for.

token_type

string

required

This is always 'bearer'.

Default: "bearer"

scope

string

required

List of space delimited scopes requested for this access token.

Max Length: 1000

400

Bad Request. The incoming request had a malformed parameter/object.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

401

Unauthorized. The caller has not been authenticated.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

403

Forbidden. The caller has been authenticated but is not allowed to take the requested action.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

406

Not Acceptable. The resource does not have a current representation that would be acceptable to the user agent. "Accept" header defined unsupported value.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

429

Too Many Requests. The caller has exceeded their quota for the time period and has been throttled.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

500

Internal Server Error. The service encountered an unexpected error.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

503

Service Unavailable. The service handling for this request cannot be reached at this time.

Response Headers

upvest-request-id

string

uuid

Example: "169ae4c7-ebd7-4041-94da-25369653eba7"

Response: application/problem+json

type

string

required

URL to a document describing the error condition.

status

int

required

Transmission of the HTTP status code so that all information can be found in one place, but also to correct changes in the status code due to the use of proxy servers.

title

string

A short, human-readable title for the general error type; the title should not change for given types.

detail

string

A human-readable description of the specific error.

instance

string

This optional key may be present, with a unique URI for the specific error; this will often point to an error log for that specific response.

request_id

string

Correlation ID for the original request.

Request Examples

application/x-www-form-urlencoded

{
  "client_id": "363f3305-7ab0-4e82-a158-f9d382ad08b6",
  "client_secret": "WHIW1yic-ouct3sceh",
  "grant_type": "client_credentials",
  "scope": "users:read"
}

Response Examples

200 application/json

{
  "access_token": "token.signature",
  "expires_in": 86400,
  "scope": "users:read",
  "token_type": "bearer"
}

400 application/problem+json

{
  "status": 400,
  "type": "bad_request"
}

401 application/problem+json

{
  "status": 401,
  "type": "unauthorized"
}

403 application/problem+json

{
  "status": 403,
  "type": "forbidden"
}

406 application/problem+json

{
  "status": 406,
  "type": "not_acceptable"
}

429 application/problem+json

{
  "status": 429,
  "type": "too_many_requests"
}

500 application/problem+json

{
  "status": 500,
  "type": "internal_server_error"
}

503 application/problem+json

{
  "status": 503,
  "type": "method_not_allowed"
}

Was this page helpful?