OAuth

Using OAuth, PrizmDoc Cloud can not only authorize a request via the PrizmDoc Cloud API key, but also by custom user information. Ultimately, this will allow you to create rules to limit access to various resources.

Available URLs

URL	Description
POST /v1/authTokens	Retrieves an authorization token that can be used to authenticate calls to PrizmDoc Cloud Services.

POST /v1/authTokens

Retrieves an authorization token that can be used to authenticate calls to PrizmDoc Cloud Services.

Request

Request Headers

Name	Description
`acs-api-key`	Required {{api-key}}
`Content-Type`	Required application/x-www-form-urlencoded

Request Body

grant_type=client_credentials&scope={client customer user id} {client custom role}

Successful Response

Response Body

Success returns code 200 - OK

Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

Error Responses

Status Code	JSON errorCode	Description
`400`	`"Bad Request"`	Returned when data is incorrect within body of the request.
`401`	`"Unauthorized"`	Returned when the key provided in the `acs-api-key` is incorrect or missing.

Examples

Request

grant_type=client_credentials&scope={client customer user id} {client custom role}

grant_type=client_credentials&scope=userid:1234 role:admin

Response

Successful Response

{
     "access_token":"{valid access token}",
     "token_type":"acs-oauth",
     "expires_in":{time in seconds},
     "scope":{requested scope} // user:{useridValue} role:{roleValue}
}

{
     "access_token":"PrizmDoc Cloud-Hosted-ACCESS-TOKEN",
     "token_type":"acs-oauth",>
     "expires_in":3600,
     "scope":"userid:1234 role:admin"
}

Error Response

{
     "error":"invalid_request" // error code definitions: https://tools.ietf.org/html/rfc6749#section-5.2
}