Skip to main content
POST
/
oauth
/
token
Returns an access token
curl --request POST \
  --url https://api.pipevest.com/v1/oauth/token \
  --header 'Content-Digest: <content-digest>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Signature: <signature>' \
  --header 'Signature-Input: <signature-input>' \
  --header 'X-Idempotency-Id: <x-idempotency-id>' \
  --data clientId=client-id \
  --data clientSecret=client-secret
{
  "message": "Authentication successful",
  "tokenId": "ffdcf324-5d27-4289-b626-386979e50bae",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImNtaGx5MXkxbzAwMDJzNjAxY2Y2aXRocm8iLCJjbGllbnRJZCI6Im9yZ19kZGE4MzcxY2U5ZmUxZGEyYmE3OThjZGVkMWU1NjRjYSIsIm9yZ2FuaXphdGlvbk5hbWUiOiJNYWNlamtvdmljLCBEb25uZWxseSBhbmQgS3VobG1hbiIsImlhdCI6MTc2Mjc4Mjk2MSwiZXhwIjoxNzYyNzg2NTYxLCJhdWQiOiJvcmdhbml6YXRpb24tcG9ydGFsIiwiaXNzIjoib3JnYW5pemF0aW9uLWFwaSIsImp0aSI6ImZmZGNmMzI0LTVkMjctNDI4OS1iNjI2LTM4Njk3OWU1MGJhZSJ9.dIq1_o5fCvTdLcQV9NhtN5CQ7qWHUzJt1903E_8t3aA",
  "expiresIn": 3600,
  "maxTTL": 86400,
  "tokenType": "Bearer",
  "scope": [
    "READ",
    "WRITE"
  ],
  "trustedIps": [],
  "organization": {
    "id": "cmhly1y1o0002s601cf6ithro",
    "name": "Macejkovic, Donnelly and Kuhlman",
    "clientId": "org_dda8371ce9fe1da2ba798cded1e564ca"
  },
  "createdAt": 1762782961,
  "updatedAt": 1762782961
}

Headers

Signature
string
required

Base64 encoded signed hash of the http message request components.

Learn how signatures work

Example:

"sig1=:OTEyMjY4...A5NTNDMEQ=:"

Signature-Input
string
required

An ordered list of components that make up the signature base. It is used to recompute and verify the Signature

Learn how signatures work

Example:

"sig1=(\"Content-Type\" \"Content-Digest\"...expires=<expires>"

X-Idempotency-Id
string
required

Unique identifier passed into each a mutable request (i.e POST, PUT, PATCH, DELETE)

This key isn't not required for GET requests

Example:

"01937261-e216-754f-99ba-c1170d65dd28"

Content-Digest
string
required

Base64 encoded sha-512 hash of the http message body.

This key isn't not required for GET and DELETE requests.

Learn how to generate content digest

Example:

"sha-512=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:"

Body

application/x-www-form-urlencoded

Details used to create a customer within the system

clientId
string
required

Unique identifier assigned to the client

Example:

"client-id"

clientSecret
string
required

Private passcode shared with the client

Example:

"client-secret"

Response

Details of the access token

Details of the authenticated token request

message
string
required

Authentication response message

Example:

"Authentication successful"

tokenId
string
required

Unique token identifier

Example:

"ffdcf324-5d27-4289-b626-386979e50bae"

token
string
required

JWT access token

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImNtaGx5MXkxbzAwMDJzNjAxY2Y2aXRocm8iLCJjbGllbnRJZCI6Im9yZ19kZGE4MzcxY2U5ZmUxZGEyYmE3OThjZGVkMWU1NjRjYSIsIm9yZ2FuaXphdGlvbk5hbWUiOiJNYWNlamtvdmljLCBEb25uZWxseSBhbmQgS3VobG1hbiIsImlhdCI6MTc2Mjc4Mjk2MSwiZXhwIjoxNzYyNzg2NTYxLCJhdWQiOiJvcmdhbml6YXRpb24tcG9ydGFsIiwiaXNzIjoib3JnYW5pemF0aW9uLWFwaSIsImp0aSI6ImZmZGNmMzI0LTVkMjctNDI4OS1iNjI2LTM4Njk3OWU1MGJhZSJ9.dIq1_o5fCvTdLcQV9NhtN5CQ7qWHUzJt1903E_8t3aA"

expiresIn
integer
required

A token's current TTL

Example:

123

maxTTL
integer
required

A token's max time to TTL

Example:

123

tokenType
string
required

Token type

Example:

"Bearer"

scope
enum<string>[]
required

Authorization scopes associated with token

Example:
["READ", "WRITE"]
trustedIps
string[]
required

The list of ip addresses whitelisted for this client

An ip address whitelisted for this client

organization
object
required

Organization details associated with the token

createdAt
integer
required

Created at unix timestamp

Example:

1234567890

updatedAt
integer
required

Updated at unix timestamp

Example:

1234567890