All Products
Search

This Product

    Identity as a Service:FetchOAuthAuthenticationToken

    Document Center

    Identity as a Service:FetchOAuthAuthenticationToken

    Last Updated:Mar 18, 2026

    Fetches a valid OAuth authentication token.

    Operation description

    This API performs identity authentication and authorization using an access token issued by IDaaS.

    Ensure that the access token has permission to obtain authentication tokens from the built-in Privileged Access Management (PAM) application in IDaaS.

    Note

    The corresponding scope is urn:cloud:idaas:pam|authentication_token:obtain.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    No authorization for this operation. If you encounter issues with this operation, contact technical support.

    Request syntax

    POST /v2/{instanceId}/authenticationTokens/_/actions/fetchOAuthAccessToken HTTP/1.1

    Path Parameters

    Parameter

    Type

    Required

    Description

    Example
    instanceId

    string

    Yes

    The instance ID.

    idaas_ue2jvisn35ea5lmthk267xxxxx

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    Authorization

    string

    Yes

    The authentication information. The format is `Bearer ${access_token}`.

    Note

    Enter the access token issued by IDaaS.

    Bearer xxxxxx
    body

    object

    No

    The request body.

    credentialProviderIdentifier

    string

    Yes

    The identifier of the credential provider.

    test_example_identifier
    scope

    string

    No

    The scope for the OAuth protocol.

    Note

    If you do not specify this parameter, the scope of the issued OAuth access token is determined by the scope configuration of the credential provider.

    Important Separate multiple scope values with spaces.

    example:test_01 example:test_02

    Response elements

    Element

    Type

    Description

    Example

    object

    The details of the OAuth authentication token.

    instanceId

    string

    The instance ID.

    idaas_ue2jvisn35ea5lmthk267xxxxx
    authenticationTokenId

    string

    The authentication token ID.

    atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx
    credentialProviderId

    string

    The credential provider ID.

    atp_01kr2cmj5gxxx4fvmls2e93dxxxxx
    createTime

    integer

    The time when the authentication token was created. This is a UNIX timestamp in milliseconds.

    1649830225000
    updateTime

    integer

    The time when the authentication token was last updated. This is a UNIX timestamp in milliseconds.

    1649830225000
    authenticationTokenType

    string

    The type of the authentication token.

    Note

    The value is fixed to oauth_access_token, which indicates an OAuth access token.

    oauth_access_token
    revoked

    boolean

    Indicates whether the authentication token is revoked.

    false
    creatorType

    string

    The type of the creator of the authentication token. Valid value:

    • `application`: An application.

    application
    creatorId

    string

    The ID of the creator of the authentication token.

    app_ngtkgrrxxxxktg5eao6z4xxxxx
    consumerType

    string

    The type of the consumer of the authentication token. Valid values:

    • `application`: An application.

    • `custom`: A custom type.

    application
    consumerId

    string

    The ID of the consumer of the authentication token.

    app_ngtkgrrxxxxktg5eao6z4xxxxx
    expirationTime

    integer

    The time when the authentication token expires. This is a UNIX timestamp in milliseconds.

    1772693568000
    oauthAccessTokenContent

    object

    The content of the OAuth access token.

    accessTokenValue

    string

    The `access_token` field in the response from the token endpoint of the OAuth protocol.

    DgEBAGP2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    tokenType

    string

    The `token_type` field in the response from the token endpoint of the OAuth protocol.

    Bearer
    scope

    string

    The `scope` field in the response from the token endpoint of the OAuth protocol.

    example:test_01 example:test_02

    Examples

    Success response

    JSON format

    {
  "instanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
  "authenticationTokenId": "atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx",
  "credentialProviderId": "atp_01kr2cmj5gxxx4fvmls2e93dxxxxx",
  "createTime": 1649830225000,
  "updateTime": 1649830225000,
  "authenticationTokenType": "oauth_access_token",
  "revoked": false,
  "creatorType": "application",
  "creatorId": "app_ngtkgrrxxxxktg5eao6z4xxxxx",
  "consumerType": "application",
  "consumerId": "app_ngtkgrrxxxxktg5eao6z4xxxxx",
  "expirationTime": 1772693568000,
  "oauthAccessTokenContent": {
    "accessTokenValue": "DgEBAGP2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "tokenType": "Bearer",
    "scope": "example:test_01 example:test_02"
  }
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.