The /token API call requests an access token from the server which can be used to authorize subsequent API calls.
All API calls except /token require a valid access token (JWT) to be passed with the header of the request as a "Authorization: Bearer ..." header or the server will abort with a 401 NOT AUTHENTICATED error.
Supported HTTP methods: POST
POST /token
Requests an access token for the user specified with the parameters added to this call. The parameter to this request must be passed as HTML form style parameters (application/x-www-form-urlencoded). The same end point is used to get a new and to renew an existing token.
Parameters:
| Name | Value |
|---|---|
| username | The name of the user to log in. Must be a valid user name known to the sat-nms M&C application. |
| password | The password supplied by the user for login (clear text). |
| grant_type | One of 'password' or 'refresh_token' |
| refresh_token | A valid refresh token, making the backend to reply with a new version of the existing access token linked to this refresh token. |
The grant_type parameter is mandatory, if it is set to 'password' the parameters password and username are requires as well. If grant_type is set to 'refresh_token', the parameter refresh_token is mandatory as well.
On success the API call returns a TokenReply document containing beside other information the access token and a refresh token to renew the access token.
Return Codes:
| Code | Description |
|---|---|
| 200 | OK, login was successful. A TokenReply document is replied. |
| 400 | grant_type is neiter 'password' nor 'refresh_token' |
| 401 | Login failed. In this case a ApiError document is returned, describing details of the error. This happens either with grant_type='password' and invalid credentials or with grant_type='refresh_token' and an invalid refresh token. |