post https://{applicationQualifiedDomain}.us.wristband.dev/api/v1/oauth2/token
Creates tokens for the provided grant type. The types of tokens created depends on the grant type specified in the token request.
Supported Grant Types:
authorization_code
: The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. The authorization code provides a few important security benefits, such as the ability to authenticate the client, as well as the transmission of the access token directly to the client without passing it through the resource owner's user-agent and potentially exposing it to others.client_credentials
: The client can request an access token using only its client credentials. The client credentials grant type MUST only be used by confidential clients.refresh_token
: Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope (access tokens may have a shorter lifetime and fewer permissions than authorized by the resource owner).
NOTE: Confidential client types (BACKEND_SERVER
and MACHINE_TO_MACHINE
) must supply their clientId and clientSecret in the Authorization header using the Basic Auth security scheme. For example, Authorization: Basic ZGVtbzpwQDU1dzByZA==
.