Access Token

To request an Access Token, Partner must invoke the OAuth Token Endpoint using their unique client ID and secret in conjunction to the proper scopes and grants. The JSON response will deliver a 200 ok status with provided 'access_token' value. The 'access_token' value must be passed to all subsequent API calls in the Authorization Request Header.

Access Tokens granted to clients can be valid for up to 7 days from the date of their request, although standard iniated time is set for 10 minutes. Additionally, at any time, the PRIVO server can force expiration of an Access Token, thereby, forcing a Client to refresh its Access Token. In the event that an Access Token has expired for a protected resource, the Client will receive an error message defining the expired result. See "Expired Token Error Response" example in Refresh Token section.

For more information please follow this link.

Sample Token Request:


Sample JSON Response:

        "scope":"PRIVOLOCK TRUST"

Subsequent Request Header:

      Authorization:  Bearer eyJhbGciOiJSUzIi.......3gZthv7Y