All Products
Search

This Product

    Identity as a Service:GenerateTokenByAuthorizationServer

    Document Center

    Identity as a Service:GenerateTokenByAuthorizationServer

    Last Updated:Mar 17, 2026

    The token endpoint for an instance-level authorization server.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    No authorization for this operation. If you encounter issues with this operation, contact technical support.

    Request syntax

    POST /v2/{instanceId}/authorizationServer/{authorizationServerId}/oauth2/token HTTP/1.1

    Path Parameters

    Parameter

    Type

    Required

    Description

    Example
    instanceId

    string

    Yes

    Instance ID.

    idaas_ue2jvisn35ea5lmthk267xxxxx
    authorizationServerId

    string

    Yes

    Authorization server ID.

    iauths_system

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    grant_type

    string

    Yes

    Grant type.

    authorization_code
    client_id

    string

    Yes

    Client ID.

    app_mkv7rgt4d7i4u7zqtzev2mxxxx
    code

    string

    No

    Authorization code. Required when grant_type is authorization_code.

    CO541xY59EsKniV2wvWDXZ4jiKxxxxx
    username

    string

    No

    Username.

    userxxxxx
    password

    string

    No

    Password.

    testxxxxx
    device_code

    string

    No

    Device code. Required when grant_type is urn:ietf:params:oauth:grant-type:device_code.

    DCxxxxxx
    redirect_uri

    string

    No

    Redirection URI. Required when grant_type is authorization_code. Must match the redirect_uri used in the authorization code request.

    https://example.com/xxxxx
    refresh_token

    string

    No

    Refresh token.

    RTxxxxx
    scope

    string

    No

    Scope.

    openid
    code_verifier

    string

    No

    You can validate the code.

    xxxxx
    client_assertion

    string

    No

    Client assertion.

    eyJraWQiOiJLRVlLZ0Iyxxxxx
    client_assertion_type

    string

    No

    Client assertion type.

    urn:ietf:params:oauth:client-assertion-type:jwt-bearer
    application_federated_credential_name

    string

    No

    Federated application credential name.

    testxxxxx
    client_x509

    string

    No

    Client certificate.

    testxxxxx
    client_x509_chain

    string

    No

    Intermediate certificate list.

    testxxxxx
    client_secret

    string

    No

    Client key.

    CSEHDcHcrUKHw1CuxkJEHPveWRxxxxx

    Response elements

    Element

    Type

    Description

    Example

    object

    Token information.

    token_type

    string

    Token type.

    Bearer
    access_token

    string

    Access credential.

    eyJraWQiOiJLRVlLZ0Iyxxxxx

    refresh_token

    string

    Refresh token.

    ATxxxxx
    expires_in

    integer

    Validity period of the access credential, in seconds.

    1200
    expires_at

    integer

    Expiration time of the access credential, as a UNIX timestamp in seconds.

    1653288641
    id_token

    string

    Identity credential.

    eyJraWQiOiJLRVlLZ0Iyxxxxx

    scope

    string

    Scope.

    openid

    Examples

    Success response

    JSON format

    {
  "token_type": "Bearer",
  "access_token": "eyJraWQiOiJLRVlLZ0Iyxxxxx\n",
  "refresh_token": "ATxxxxx",
  "expires_in": 1200,
  "expires_at": 1653288641,
  "id_token": "eyJraWQiOiJLRVlLZ0Iyxxxxx\n",
  "scope": "openid"
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.