Authorization¶
Authorize user¶
GET https://account.averdoc.com/connect/authorize
Authorize a user by sending them through the Averdoc website and request their permission to act on their behalf.
curl -g --request GET 'https://account.averdoc.com/connect/authorize?client_id=[clientID]&redirect_uri=[redirectURI]&scope=email averdoc.api offline_access&response_type=code&response_mode=query'
Request access token¶
POST https://account.averdoc.com/connect/token
Request an Access Token using a client-side obtained OAuth 2.0 authorization code
Sample request:
curl --request POST 'https://account.averdoc.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=[authorization_code]' \
--data-urlencode 'client_id=[clientID]' \
--data-urlencode 'redirect_uri=[redirectURI]' \
--data-urlencode 'scope=email averdoc.api offline_access'
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=%5Bauthorization_code%5D&client_id=%5BclientID%5D&redirect_uri=%5BredirectURI%5D&scope=email%20averdoc.api%20offline_access
Response:
{
"access_token":"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM ...",
"expires_in": 3600,
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNUZENDBDME ...",
"refresh_token":"eyJhbGciOi8mWIiOiI3Yjk1ODljZS0yOTg5LTQ4YmEtYTM ...",
"scope": "openid profile email averdoc.app offline_access",
"token_type": "Bearer"
}
| Responses | |
|---|---|
| 200: OK | Return access token and refresh token |
| 400: Bad Request | An authentication error |
| 401: Unauthorized | Validation Failed |
Refresh access token¶
POST https://account.averdoc.com/connect/token
Refresh an Access Token using its client ID, secret, and refresh token.
Sample request:
curl --request POST 'https://account.averdoc.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=eyJhbGciOi8mWIiOiI3Yjk1ODljZS0yOTg5LTQ4YmEtYTM ...' \
--data-urlencode 'client_id=[clientID]'
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&client_id=averdocclient&refresh_token=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiI1QTVGRDQwQzBGNzU0NTFCNTY4NDdGMDg1ODE2NDNDODRBM0Q5MkVDIiwidHlwIjoib2lfcmVmdCtqd3Qif%20...
Response:
{
"access_token":"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM ...",
"expires_in": 3600,
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVBNUZENDBDME ...",
"refresh_token":"eyJhbGciOi8mWIiOiI3Yjk1ODljZS0yOTg5LTQ4YmEtYTM ...",
"scope": "openid profile email averdoc.app offline_access",
"token_type": "Bearer"
}
| Responses | |
|---|---|
| 200: OK | Return new access token and new refresh token |
| 400: Bad Request | An authentication error |
| 401: Unauthorized | Validation Failed |