Example Token Request

Example Token Request – Generic Token (no userid)

  1. Using curl (with form-encoded body):

    curl -X POST "https://api.AIRisk.example.com/api/oauth2/Token" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -d "client_id=YOUR_client_id&client_secret=YOUR_client_secret&redirect_uri=https%3A%2F%2Flocalhost%2Fcallback&code=AUTH_CODE_HERE"

    In this example:

    • Replace YOUR_client_id and YOUR_client_secret with your actual credentials.

    • redirect_uri is URL-encoded (https%3A%2F%2Flocalhost%2Fcallback corresponds to https://localhost/callback).

    • AUTH_CODE_HERE should be replaced with the code you received in the previous step (e.g., SplxlOBeZQQYbYS6WxSbIA).

  2. Alternatively, using Python and the requests library (sending JSON payload):

    import requests
    
    token_url = "https://api.AIRisk.example.com/api/oauth2/Token"
    data = {
        "client_id": "YOUR_client_id",
        "client_secret": "YOUR_client_secret",
        "redirect_uri": "https://localhost/callback",
        "code": "AUTH_CODE_HERE"
    }
    
    response = requests.post(token_url, json=data)
    token_response = response.json()
    
    print(token_response.get("access_token"))

Here we post a JSON body with the required fields. The server will respond with a JSON object (as shown below). We then parse the JSON to extract the access_token. In a real application, you would store this token and use it to authorize API calls via the HTTP Header for a bearer token.

Example Success Response (JSON):


{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", 
  "expiration": "2025-03-31T13:12:17Z"
}
  • access_token – The OAuth2 access token string. This is typically a long opaque string or JWT that you will use to authenticate requests to the AIRisk API.

  • expiration – The UTC-formatted datetime in which the token expires.

Example Token Request – User-Specific Token (with userid)

If you included a userid in the authorization step, use the same userid when exchanging the code. For example, suppose we indicated userid=user_42 in the authorization URL and got back a code. We would make the token request as follows:

curl -X POST "https://api.AIRisk.example.com/api/oauth2/Token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "client_id=YOUR_client_id&client_secret=YOUR_client_secret&redirect_uri=https%3A%2F%2Flocalhost%2Fcallback&code=AUTH_CODE_HERE&userid=user_42"

This is identical to the earlier request, except we have appended &userid=user_42 (using the same user ID that was in the auth request). The response format for a user-specific token is the same JSON structure:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", 
  "expiration": "2025-03-31T14:10:57Z"
}

In this case, access_token here is associated with User 42’s account. When using this token to call protected endpoints, the AIRisk API will treat the request as on behalf of that user.

Last updated