Request a Token
Make a
POST request to https://api.lookout.com/oauth2/token to obtain an access_token. The resulting access_token has an expiry (example: 2 hours).
The
POST request must have a
Content-Type header of
application/x-www-form-urlencoded. Provide the following parameters in the body of the request using form-encoding:
| Parameter | Required? | Description |
|---|---|---|
| Yes | Must be
client_credentials. |
| No | A space-separated set of scope names. If omitted, the request uses the default permissions of the
<application_key>. |
For example:
curl -H ‘Accept: application/json’ \ -H ‘Authorization: Bearer <application_key>’ \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d ‘grant_type=client_credentials’ \
https://api.lookout.com/oauth2/token
Another example, using the Postman REST client plug-in for Chrome:
Handle Token Response
When a token request succeeds the server responds with a 200 response code and the following fields:
| Field | Type | Provided? | Description |
|---|---|---|---|
| String | Always | An access token for this application. |
| String | Always | The access token type. Always
Bearer. |
| Number | Always | The epoch in milliseconds of when the token will expire, specified in milliseconds since January 1, 1970 00:00:00 GMT. |
| Number | Always | The token time to live (TTL) in seconds. |
| String | Always | A space-delimited set of scopes actually granted. This may be a subset of the requested scopes. |
For example:
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Content-Length: 2907
{
"access_token": "eyJr...",
"token_type": "Bearer",
"expires_at": 1692308926918,
"expires_in": 7039,
"scope": "",
}
