Configuring Access Token Requests

Your secure server uses an authorization code to request an access token from the token_endpoint discovered earlier. Information on setting up your secure server is in Integration Options on the Web.

To configure this request:

  1. Base64 encode your client_id and client_secret:
        Base64Encode(“{client_id}:{client_secret}”)

📘

After retrieving your client_secret from the ZenKey Developer Portal, store your client_secret on your secure backend and restrict access to only those that need it.

  1. Insert this encoded value in your authorization header:
        'Authorization': "Basic {encoded_value_here}"
  1. Specify the Content-Type as URL-encoded:
        Content-Type: application/x-www-form-urlencoded
  1. Include the following parameters in the body of your token request:
    grant_type="authorization_code"
    code="{auth_code}"
    redirect_uri="{auth_redirect_uri}"
  
``` grant_type="authorization_code" code="{auth_code}" redirect_uri="{auth_redirect_uri}" code_verifier="{codeVerifier}" ```

Here are all the components working together:

POST /token HTTP/1.1
Host: mno.com
Authorization: Basic {encoded_value_here}
Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code
    &redirect_uri=https://www.client.com
    &code={auth_code}

``` POST /token HTTP/1.1 Host: mno.com Authorization: Basic {encoded_value_here} Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&redirect_uri=https://www.client.com
&code={auth_code}
&code_verifier={codeVerifier}
</div>

 

Did this page help you?