OAuth
This API is used to interact with Edge Auth resources in Qlik elastic environments.
Endpoints
GET | /oauth/authorize |
POST | /oauth/revoke |
POST | /oauth/token |
Allows a client to revoke their token.
Facts POST /oauth/revoke
Rate limit required | Tier 2 (100 requests per minute) |
Request Body POST /oauth/revoke
application/json | Properties of the token that the client wants to revoke. |
application/x-www-form-urlencoded | Properties of the token that the client wants to revoke. |
Responses POST /oauth/revoke
200 application/json object | Token was revoked. |
400 application/json | Invalid request. |
POST /oauth/revoke
curl "https://your-tenant.us.qlikcloud.com/oauth/revoke" \
-X POST \
-H "Content-type: application/json" \
-d '{"token":"string","token_type_hint":"access_token"}'
Request POST /oauth/revoke
{
"token": "string",
"token_type_hint": "access_token"
}
Allows a client to perform an OAuth flow to obtain a token set.
Facts POST /oauth/token
Rate limit required | Tier 2 (100 requests per minute) |
Request Body POST /oauth/token
application/json | No description |
application/x-www-form-urlencoded | No description |
Responses POST /oauth/token
200 application/json | Token set created. |
400 application/json | Invalid request parameters. |
401 application/json | Invalid login or tokens; indicates that the code or token used can be deleted by the client. Can also indicate that invalid client credentials were provided in the Authorization header. |
403 application/json | Forbidden because user is disabled or has reached the maximum number of tokens. |
POST /oauth/token
curl "https://your-tenant.us.qlikcloud.com/oauth/token" \
-X POST \
-H "Content-type: application/json"
Response POST /oauth/token
{
"scope": "offline_access user_default",
"auth_time": 1628524367,
"expires_at": "1970-01-18T13:17:10.931Z",
"token_type": "bearer",
"access_token": "string",
"refresh_token": "string",
"issued_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
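A client-side sketch of the refresh and revoke calls documented on this page, added here as an example and not Qlik's own code: it builds both request bodies from the oauth-refresh-request and oauth-revoke-request schemas and applies the documented 200/400/401/403 responses to a local token store. The `store` dict, the function names and the returned action strings are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

TENANT = "https://your-tenant.us.qlikcloud.com"  # placeholder host from the page's curl samples

def build_refresh_request(refresh_token, client_secret=None):
    """URL, headers and form body for POST /oauth/token (oauth-refresh-request)."""
    fields = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if client_secret is not None:
        fields["client_secret"] = client_secret
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{TENANT}/oauth/token", headers, urlencode(fields)

def build_revoke_request(token, hint="refresh_token"):
    """URL, headers and JSON body for POST /oauth/revoke (oauth-revoke-request)."""
    if hint not in ("access_token", "refresh_token"):
        raise ValueError("token_type_hint must be access_token or refresh_token")
    body = json.dumps({"token": token, "token_type_hint": hint})
    return f"{TENANT}/oauth/revoke", {"Content-Type": "application/json"}, body

def handle_token_response(status, body, store, now):
    """Apply a /oauth/token reply to `store` (hypothetical dict of held tokens)."""
    if status == 200:
        doc = json.loads(body)
        # Required by oauth-token-response: access_token and token_type == bearer.
        if not doc.get("access_token") or doc.get("token_type") != "bearer":
            raise ValueError("token response fails schema check")
        expires = None
        if doc.get("expires_at"):
            expires = datetime.fromisoformat(doc["expires_at"].replace("Z", "+00:00"))
            if expires <= now:
                raise ValueError("token response is already expired")
        store.update(access_token=doc["access_token"], expires_at=expires)
        # refresh_token is optional in the schema; keeping the stored one when it
        # is absent is this example's assumption, not documented behaviour.
        if doc.get("refresh_token"):
            store["refresh_token"] = doc["refresh_token"]
        return "stored"
    if status == 401:
        # Page: the code or token used can be deleted by the client.
        store.clear()
        return "reauthenticate"
    if status == 403:
        return "blocked"  # user disabled or maximum number of tokens reached
    return "fix_request" if status == 400 else "unexpected"
```

On a 403 the stored tokens are left in place, so the client can pass them to `build_revoke_request` before starting a new flow.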
Error
object | An error object. |
Properties
code required string | The error code. |
meta object | Non-standard information about the error. |
title required string | The error title. |
detail string | The detailed error message. |
status string | The HTTP status code. |
Errors
object | A representation of the errors encountered from the HTTP request. |
Properties
errors | List of errors and their properties. |
oauth-client-credentials-request
Properties
scope string | The scope of access that is being requested. Enum: user_default |
grant_type required string | The grant type used to obtain an access token outside of the context of a user. Enum: client_credentials |
oauth-refresh-request
Properties
grant_type required string | The grant type used to exchange a refresh token for an access token. Enum: refresh_token |
client_secret string | The client secret. |
refresh_token required string | The refresh token to use. |
oauth-revoke-request
object
Properties
token required string | The token to revoke. |
token_type_hint string | Type of the provided token. Enum: access_token refresh_token |
oauth-token-exchange
Exchanges one token for another. Implementation is based on this spec: https://datatracker.ietf.org/doc/html/rfc8693.
Properties
purpose required | The intended use for the requested token. Enum: websocket |
client_id required string | The client identifier. |
grant_type required string | Specifies the method in which the token will be granted. Enum: urn:ietf:params:oauth:grant-type:token-exchange |
subject_token required string | The token that represents the identity of the party on behalf of whom the request is being made. |
subject_token_type required string | The type of the subject token. Enum: urn:ietf:params:oauth:token-type:access_token |
oauth-token-response
object
Properties
scope string | The scope of access that is being granted, delimited by space. |
auth_time number | Unix time of when the last authentication occurred. |
expires_at string<date-time> | The date and time in ISO format for when the access token will expire. |
token_type required string | The type of the token issued. Enum: bearer |
access_token required string | The access token granted. |
refresh_token string | Refresh token to be used to obtain a new access token without user intervention. |
issued_token_type string | The type of the token issued for a token exchange. See https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1 for more details. Enum: urn:ietf:params:oauth:token-type:access_token |