home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Request a Token

Make a POST request to https://api.lookout.com/oauth2/token to obtain an access_token. The resulting access_token has an expiry (example: 2 hours).

The POST request must have a Content-Type header of application/x-www-form-urlencoded. Provide the following parameters in the body of the request using form-encoding:

ParameterRequired?Description
grant_type
YesMust be client_credentials.
scope
NoA space-separated set of scope names. If omitted, the request uses the default permissions of the <application_key>.

For example:

curl -H ‘Accept: application/json’                        \     -H ‘Authorization: Bearer <application_key>’         \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -d ‘grant_type=client_credentials’                   \
     https://api.lookout.com/oauth2/token

Another example, using the Postman REST client plug-in for Chrome:



Handle Token Response

When a token request succeeds the server responds with a 200 response code and the following fields:

FieldTypeProvided?Description
access_token
StringAlwaysAn access token for this application.
token_type
StringAlwaysThe access token type. Always Bearer.
expires_at
NumberAlwaysThe epoch in milliseconds of when the token will expire, specified in milliseconds since January 1, 1970 00:00:00 GMT.
expires_in
NumberAlwaysThe token time to live (TTL) in seconds.
scope
StringAlwaysA space-delimited set of scopes actually granted. This may be a subset of the requested scopes.

For example:

HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Content-Length: 2907
{
  "access_token": "eyJr...",
  "token_type": "Bearer",
  "expires_at": 1692308926918,
  "expires_in": 7039,
  "scope": "",
}