API Connectivity – Request API Access
- The user clicks on the “Request Access” button
- The login page appears; Net ID credentials and a second authentication factor are required
- The user clicks on the “Request Access” button again
- The user creates a new application, or selects an existing one
- The user selects the API instance to access
- The user selects the SLA tier to access (if applicable)
- The user receives the client_id and client_secret
Invoking the Token API to generate access tokens
- Combine the client ID and client secret keys in the format client-id:client-secret and encode the combined string using base64. Encoding to base64 can be done using the URL:
Here’s an example client key and secret combination: wU62DjlyDBnq87GlfwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue.
- Access the Token API by using a REST client such as the
or cURL, with the following parameters.
- payload – “grant_type=password&username=<username>&password=<password>&scope=<scope1> <scope2>”. Replace the <username> and <password> values as appropriate.
- headers – Authorization: Basic <base64 encoded string>. Replace the <base64 encoded string> as appropriate.
A note about scopes
The scope parameter is a space-separated list of OAuth scopes, indicating what type of access you need. It limits access for OAuth tokens.
For example, use the following cURL command to access the Token API. It generates two tokens, an access token and a refresh token. You can use the refresh token at the time a.
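curl -k -d "grant_type=password&username=<username>&password=<password>&scope=<scope1> <scope2>" -H "Authorization: Basic c0lKV2kza043bGl5N0FIMmlqeWddfOXVDcsdfdTphd1dRCZDMyOHgfmJrOG1WYlcdfd0UnBFVjhh" <Token API URL>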
cURL With Scope
Note about OAuth Access Token Expiration
User access tokens have a fixed expiration time, which is set to 60 minutes.
Example Token Response
|Field|Description|
|---|---|
|scope|A space-separated list of scopes you’ve requested.|
|token_type|OAuth token type.|
|expires_in|The number of seconds until this access token expires.|
|refresh_token|A special kind of token that can be used to obtain a renewed access token.|
|access_token|A token that you can use for NYU API calls.|
When a user access token expires, the user can try regenerating the token as explained in the Renewing Access Token section below.
Renewing Access Token
After an access token is generated, sometimes you might have to renew the old token due to expiration or security concerns. You can renew an access token using a refresh token, by issuing a REST call to the Token API with the following parameters.
- payload – “grant_type=refresh_token&refresh_token=<refresh_token>&scope=<scope1> <scope2> <scope…>”. Replace the <refresh_token> value with the refresh token generated in the .
- headers – Authorization: Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded. Replace <base64 encoded string> as appropriate.
For example, the following cURL command can be used to refresh the token.
Revoking access tokens
After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling the Revoke API using a utility like cURL. The Revoke API’s endpoint URL is https://auth.nyu.edu/oauth2/revoke.
Parameters required to invoke this API are as follows:
- payload – token=<ACCESS_TOKEN_TO_BE_REVOKED>&token_type_hint=access_token
- header – Authorization: Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded. Replace <base64 encoded string> as appropriate.
For example, the following cURL command can be used to revoke the access token.
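The token, refresh and revoke calls described above, as an added Python example (not NYU's code and not part of the original page). The Token API URL is not shown on the page, so `token_url` is a caller-supplied assumption and the function names are hypothetical; the credential is base64-encoded locally, form values are URL-encoded, and TLS certificate verification stays on, unlike the `curl -k` form.

```python
import base64
import urllib.parse
import urllib.request

REVOKE_URL = "https://auth.nyu.edu/oauth2/revoke"  # Revoke API URL from the page


def basic_header(client_id, client_secret):
    """Base64-encode client-id:client-secret locally; the secret stays on this host."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(url, client_id, client_secret, form):
    """Build a form POST; urlencode keeps '&', '=' and spaces inside values intact."""
    if not url.lower().startswith("https://"):
        raise ValueError("client secret and tokens must only go over HTTPS")
    headers = {
        "Authorization": basic_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def password_grant(token_url, client_id, client_secret, username, password, scopes):
    # token_url is an assumption: the page does not show the Token API endpoint.
    form = {"grant_type": "password", "username": username,
            "password": password, "scope": " ".join(scopes)}
    return build_request(token_url, client_id, client_secret, form)


def refresh_grant(token_url, client_id, client_secret, refresh_token, scopes):
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "scope": " ".join(scopes)}
    return build_request(token_url, client_id, client_secret, form)


def revoke(client_id, client_secret, access_token):
    form = {"token": access_token, "token_type_hint": "access_token"}
    return build_request(REVOKE_URL, client_id, client_secret, form)


def send(request):
    """Send the request; urlopen verifies the TLS certificate by default."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.status, resp.read().decode("utf-8")
```

Each builder returns a prepared request, so the header and body can be inspected before `send()` puts anything on the network.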
Invoking API using access token