Requesting and Validating an Access Token
Note
If you have not obtained your Application's Client Credentials, check getting started for more information on requesting developer access.
Requesting a Token
In order to make authenticated requests to the Konexus Platform API, you must first retrieve an access token from the token_endpoint described in Retrieve OpenID Configuration Information.
POST - https://auth.alertsense.com/connect/token
CONTENT-TYPE application/x-www-form-urlencoded
client_id=ext-1741-sample-client&
client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&
grant_type=client_credentials&
scope=tamarack
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg4Qzc1Nzg2RTkzMjUyN0U3M0VFOEM4MDE2NzY0NDRBOTBBQjk2REVSUzI1NiIsIng1dCI6ImlNZFhodWt5VW41ejdveUFGblpFU3BDcmx0NCIsInR5cCI6ImF0K2p3dCJ9.eyJpc3MiOiJodHRwczovL2F1dGguYWxlcnRzZW5zZS5jb20iLCJuYmYiOjE3NTM4MTcyNDIsImlhdCI6MTc1MzgxNzI0MiwiZXhwIjoxNzUzODIwODQyLCJhdWQiOiJ0YW1hcmFjayIsInNjb3BlIjpbInRhbWFyYWNrIl0sImNsaWVudF9pZCI6ImV4dC0xNzQxLXNhbXBsZS1jbGllbnQiLCJhZG1pbiI6ImZhbHNlIiwiZ2xvYmFsVGVuYW50SWQiOiJpZC5rb25leHVzY3AiLCJuYW1lIjoiS29uZXh1cyAoQ1ApIC0gU2FtcGxlIFRoaXJkIFBhcnR5IEF1dGhlbnRpY2F0aW9uIiwic3ViIjoiOTc0ODk5IiwidGVuYW50SWQiOiIxNzQxIiwianRpIjoiNERGOEVGNUIzQUQ4RTVEMTA5QjM5MkNDMEVDMjY1ODAifQ.Th-XrKJE72CWb8NArGmc4ZzQt9NSvpmgZwun4qV9YatH9dvv17OsFbwt1tBgTHx1jtVPyZ9kudNRKvWy713wQxhFlqnIEwk6RUIBR9Y3iWtozMexw81-33CUIrbKLYnQJ02kpMumpMtbcSBfs0muX7SHLYEORSuudngIKZwVHPTi3n70nk8eojAuesn9KnqLANPY1Th65sBa1bdWlbfUztCyP4fQFHgkFPLqlhRiB6tDYQgVnCAZLsy7Hbe5LEjuf6YkXePYKm1InVh56uJWTQl-fPbyDa6h4nch9FJlpha49aoK-nzbsvmDD9HSxoQt7uwIh_BtmO4wiHR2fGDdAJ2D4p-cTi6dXsqSVsu0kVD6-3ylqz88K1AxVCcSKRRWai6mIF0oBRsIaebIxjYjjZBCQByigfI_E2e_dZeh9-2S-SRp5jw4qaro6JcOcAedS9GB0sfmCwERgfBXXOaiFDnHCnZC91XLA1CgdP0J7dZPO0P7zhSMcNojSYnqoIo-YSSrwdNAaX7kUmUB8Zsgs6_ykyPSAd4x8hxcMKz3NH5seKm0hvQr3pLJj31QUGjrKrhBB-FvtzEBKC4td7d-Tvf6AcBVlP11OTjFQNxquhnHx4CZc-I6Kub1YGzu225E9uGhLuzg0qqA92mvfzpsnGrdG-fRYhzXCpO0ANi-s10",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "tamarack"
}
Request Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| client_id | String | The access token issued by the authorization server. | |
| client_secret | String | The type of the token issued as described in RFC 6749 Section 7.1. Value is case insensitive. | |
| grant_type | Number | The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value. | |
| scope | String | OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED. The scope of the access token as described by RFC 6749 Section 3.3. |
Response Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| access_token | String | The access token issued by the authorization server. | |
| token_type | String | The type of the token issued as described in RFC 6749 Section 7.1. Value is case insensitive. | |
| expires_in | Number | The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value. | |
| scope | String | OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED. The scope of the access token as described by RFC 6749 Section 3.3. |
Validating an Access Token
The data associated with an access token typically includes the client ID, the requested scopes, an expiration time, and user information in case of an interactive application. Konexus issues Access Tokens as JSON Web Tokens (JWTs).
In the case of JWTs, all claims are embedded into the token itself, e.g.:
{
"iss": "https://auth.alertsense.com",
"nbf": 1753817242,
"iat": 1753817242,
"exp": 1753820842,
"aud": "tamarack",
"scope": [
"tamarack"
],
"client_id": "ext-1741-sample-client",
"admin": "false",
"name": "Sample Third Party Authentication",
"sub": "XXXXXX",
"tenantId": "XXXX",
}
Before utilizing an Access Token, you will want to verify the expiration time and Json Web Signature included with the Access Token.
Konexus issued Access Tokens are inteaded to be included as Bearer Tokens for all requests to the Koenxus Platform API.