Search Help Contents:
|
|||||||||||||||||||||||||||
TopicsAPI Calls
|
POST /oauth2/token
All requests to the API require a token.
Request an access token by posting credentials. Expeditors validates that the customer with these credentials is registered to use the API, then generates a non-forgeable, strongly encrypted token that identifies the customer for a limited period of time.
This request has a rate limit of 10 requests per hour; request a new access token only when the previous token has expired or is about to expire, approximately every 2 hours.
Example Request
Headers
Where {clientCredentials} is the Base64 encoded client id and password separated by a colon ":".
For example, Base64 encoding of myId:password yields:
Client id and password are provided by Expeditors when a customer application is registered. |
||||||||||||||||||||||||||
| Type | Name | Purpose | Values | Required? |
| body form parameter | grant_type | Type of authorization | client_credentials | Y |
No other grant type is currently accepted by this API; requests with no grant type specified will be rejected.
The response format is JSON; see Access Token for data types.
200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache
{ "access_token": "Ejr2YotnFZFEjr1zCsicMWpAAotnFZFEjr1zCsic", "token_type": "bearer", "expires_in": 900, "scope": "application" } |
When credentials are invalid or not properly encoded, a 401 Unauthorized response is returned:
401 Unauthorized Content-Type: application/json
{ "error_description":
"client authentication failed because client
is unknown, no client authentication was included,
or an unsupported authentication method was used.",
} |
© 2024 Expeditors International of Washington, Inc.
All information contained herein is business confidential and proprietary and may not be reproduced in any form without advanced
written consent of an authorized officer of the copyright holder.
 |
|
