How to Create an OAuth Token


 

How to Create the OAuth and Refresh Token

Request Parameters

Parameters can either be in the query string or x-www-urlencoded-form.

Parameter

Description

Required?

code

Authorization code. This is provided in the “code” query parameter of the URL that the /authorize API redirects to after a successful login.

Only when using the authorization_code grant type

grant_type

One of the following:
authorization_code
refresh_token
client_credentials
urn:ietf:params:oauth:client-assertion-type:saml2-bearer

Yes

client_id

SEI's API consumer secret. Provided to API users. 

Yes

client_secret

SEI's API consumer key. Provided to API users.

Yes

endOtherSessions

Ends any other SEI Platform sessions. Used to override the "concurrent user" setting that allows user to maintain multiple sessions. Correct values are true or false with false as the default value.

No

 

Form Parameters

If you are using the client_credentials grant type, pass the following parameters as x-www-urlencoded-form values.

Parameter

Description

Required?

email

SEI login email

Yes

password

SEI login password

Yes

 

If you are using the urn:ietf:params:oauth:client-assertion-type:saml2-bearer grant type to log in using SSO, pass one of the following parameters as x-www-urlencoded-form values. SAML assertions can be constructed in one of two ways: a signed SAMLResponse object or a signed SAMLAssertion object. 

Parameter

Description

Required?

Example

SAMLResponse

This is a Base64 encoded SAMLResponse XML object. This object must be signed by your private key and we must have a copy or your public key on file.

You must pass this or the other parameter

Examples of valid response objects can be found online or from your IdP provider.

SAMLAssertion

This is a Base64 encoded SAMLAssertion XML object. This object must be signed by your private key and we must have a copy or your public key on file.

You must pass this or the other parameter

 
 

Example Response Payload

{

    "access_token": "<access_token>",

    "token_type": "BearerToken",

    "expires_in": 3599,

    "refresh_token": "<refresh_token>",

    "refresh_token_expires_in": 2591999,

    "redirect_url": "https://www.redirect.com",

    "email": "<IL_account_email_address>"

}

Additional Parameters

Parameter

Description

access_token

OAuth Access Token.

expires_in

The lifespan or time-to-live (TTL) of the access token in seconds.

refresh_token

OAuth refresh token. Only sent for Authorization Code flow.

refresh_token_expires_in

Refresh Token expiry time in seconds.
Note: This value is only returned when your application has refresh token support enabled and you use the authorization_code grant type

redirect_url

Redirect URL registered for the client application.

email

User’s email address.