Example Token Request

Example Token Request – Generic Token (no userid)

1. Using curl (with form-encoded body):

   Copy

   curl -X POST "https://api.AIRisk.example.com/api/oauth2/Token" \
       -H "Content-Type: application/x-www-form-urlencoded" \
       -d "client_id=YOUR_client_id&client_secret=YOUR_client_secret&redirect_uri=https%3A%2F%2Flocalhost%2Fcallback&code=AUTH_CODE_HERE"

   In this example:

   • Replace YOUR_client_id and YOUR_client_secret with your actual credentials.

   • redirect_uri is URL-encoded (https%3A%2F%2Flocalhost%2Fcallback corresponds to https://localhost/callback).

   • AUTH_CODE_HERE should be replaced with the code you received in the previous step (e.g., SplxlOBeZQQYbYS6WxSbIA).

2. Alternatively, using Python and the requests library (sending JSON payload):

   Copy

   import requests
   
   token_url = "https://api.AIRisk.example.com/api/oauth2/Token"
   data = {
       "client_id": "YOUR_client_id",
       "client_secret": "YOUR_client_secret",
       "redirect_uri": "https://localhost/callback",
       "code": "AUTH_CODE_HERE"
   }
   
   response = requests.post(token_url, json=data)
   token_response = response.json()
   
   print(token_response.get("access_token"))

Here we post a JSON body with the required fields. The server will respond with a JSON object (as shown below). We then parse the JSON to extract the access_token. In a real application, you would store this token and use it to authorize API calls via the HTTP Header for a bearer token.

Example Success Response (JSON):

• access_token – The OAuth2 access token string. This is typically a long opaque string or JWT that you will use to authenticate requests to the AIRisk API.

• expiration – The UTC-formatted datetime in which the token expires.

Example Token Request – User-Specific Token (with userid)

If you included a userid in the authorization step, use the same userid when exchanging the code. For example, suppose we indicated userid=user_42 in the authorization URL and got back a code. We would make the token request as follows:

This is identical to the earlier request, except we have appended &userid=user_42 (using the same user ID that was in the auth request). The response format for a user-specific token is the same JSON structure:

In this case, access_token here is associated with User 42’s account. When using this token to call protected endpoints, the AIRisk API will treat the request as on behalf of that user.