Zephr User Guide

Get the User Token


You can see the authorisation code that must be used in the first API call in the developer tools pane.

To locate the authorisation code, complete the following steps:

  1. In the consent page, right-click to display the context menu
  2. Select Inspect

    The developer tools pane displays.

  3. Select Network from the options in the developer tools pane. If you cannot see Network, select the arrows to display more options
  4. Select the Allow button in the consent page

    The authorisation code is displayed in the developer tools pane as illustrated below:

    Authorisation Code in Developer Tools

The token exchange endpoint is on the Admin Console. The token exchange uses Basic Authorization with the Client ID and Client Secret shown in the Third Party Authentication screen.

Note: The Client ID and Client Secret are displayed in the Third Party Authentication screen if you have enabled OAuth 2.0 in the third-party authentication settings and saved the site.

The payload must contain the following:

  • Authorization code
  • Redirect URI
  • Grant Type

For example, the following cURL request uses Basic authorization, a redirect URL of https://thirdpartyurl.com/auth/callback and a grant type of authorization_code:

curl --location --request POST 'https://console.zephr.com/zephr/oauth2/token' \
--header 'Authorization: Basic ZzQya3R1dXl5cHE5Om12dty2x3bXJycGgwNW95YjBzdmVud2V0OQ==' \
--header 'Content-Type: application/json' \
--data-raw '{
    "code": "kcpa10fzqa9nmut95duwok0c",
    "redirect_uri": "https://thirdpartyurl.com/auth/callback",
    "grant_type": "authorization_code"
}'

The response body returned for a successful token exchange request is similar to the following:

    {
        "scope": "user.account:read, user.profile:read",
        "access_token": "oa_rrcly8rsusfc1e5sdgxzv8uh",
        "token_type": "bearer",
        "expires_in": 3600,
        "refresh_token": "1if5j2aaverj80tx2nvvvutq",
        "user_id": "68c0f5ae-f857-408f-a9d6-f511df0f8ae8"
    }

The access token from the response body is used in a second API call, with bearer token authentication, to get or update the user information. For further information on the API calls, refer to the Public API documentation. If the access token for the user has expired, you can use the refresh_token parameter in the API call, as shown in the following example cURL command:

curl --location --request POST 'https://console.zephr.com/zephr/oauth2/token' \
--header 'Authorization: Basic ZzQya3R1dXl5cHE5Om12d2x3bXJycGgwNW95YjBzdmVud2V0OQ==' \
--header 'Content-Type: application/json' \
--data-raw '{
    "refresh_token": "1if5j2aaverj80tx2nvvvutq",
    "grant_type": "refresh_token"
}'
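
The two token calls above, written as a server-side Python sketch that builds the Basic header from the Client ID and Client Secret, constructs both request bodies, and tracks expires_in to decide when a refresh is due. This is an added example, not Zephr's own code; the function and class names, the 30-second skew and the 10-second timeout are assumptions, and only the endpoint URL and field names come from this page.

```python
import base64
import json
import time
import urllib.request

TOKEN_URL = "https://console.zephr.com/zephr/oauth2/token"  # endpoint shown on this page

def basic_header(client_id, client_secret):
    """Basic scheme: base64 of 'client_id:client_secret'."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def token_request(client_id, client_secret, **payload):
    """Build (but do not send) the POST to the token endpoint."""
    return urllib.request.Request(
        TOKEN_URL,
        data=json.dumps(payload).encode(),
        headers={"Authorization": basic_header(client_id, client_secret),
                 "Content-Type": "application/json"},
        method="POST",
    )

def code_exchange(client_id, client_secret, code, redirect_uri):
    return token_request(client_id, client_secret, code=code,
                         redirect_uri=redirect_uri, grant_type="authorization_code")

def refresh_exchange(client_id, client_secret, refresh_token):
    return token_request(client_id, client_secret, refresh_token=refresh_token,
                         grant_type="refresh_token")

class TokenStore:
    """Holds one token response; `skew` (assumed 30 s) refreshes slightly early."""
    def __init__(self, response, now=None, skew=30):
        issued = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.refresh_token = response["refresh_token"]
        self.expires_at = issued + response["expires_in"] - skew

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def bearer_header(self):
        return {"Authorization": "Bearer " + self.access_token}

def send(request):
    """Send a built request and parse the JSON body (needs network access)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.loads(resp.read())
```

Load the Client ID and Client Secret from the environment or a secret store rather than hard-coding them, and keep this code on the server so the secret never reaches the browser.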