Authentication Protocol
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code

Client API consumers will authenticate against an OAuth2 endpoint exposed by the client API (see endpoint URLs below). The OAuth2 endpoint acts as the authorization server for your client and will provide the granted credentials for access to the API Endpoints. This Authorization API POST request will return a short-lived JSON Web Token that will be provided in calls to the application endpoints exposed by the API.

Production Authentication Endpoint

https://apxjwtauthprod.apx.com/oauth/token

UAT Authentication Endpoint

https://apxjwtauthuat.apx.com/oauth/token

Headers

Key	Value	Description
Authorization	Basic {client:secret}	The client:secret for the token request.  This is Base64-encoded as standard for HTTP Basic Authentication.  This value authorizes your software to access Xpansiv resources.
Content-Type	application/x-www-form-urlencoded	Indicates that the POST-ed content is URL-encoded.

Parameters

These parameters must be POST-ed to the endpoint above as URL-encoded form data.

Field	Description
Username	Client API Service User Name
Password	Client API Service Password
grant_type	Value: password. This is associated with the The OAuth 2.0 Authorization Framework password credentials scenario

Results

Field	Description
access_token	This is the token to be used in the “Bearer” value of the HTTP Authorization header in subsequent requests.
token_type	The type of the token to be used in the API Requests.
grant_type	Value: password. This is associated with the OAuth2 password credentials scenario. The value returned will be “bearer”
expires_in	Duration (in seconds) in which the token will expire and a subsequent authentication request will need to be made if time expires.
scope	The scope of the granted access. The value returned will be "access".

Attempts to call application endpoints without a valid token will result in an HTTP error message being returned.

Status Codes

HTTP Status Code	Status	Status Message
200	SUCCESS	Successfully authenticated
401	ERROR	Bad Request - Invalid Login ID or Password

Get/Post Security

In order to successfully call into the APIs the below authorization header will need to be presented.

Headers

Key	Value	Description
Authorization	Bearer {access_token}	The access_token that is returned from the authentication request will be inserted into the value field.

Authentication ProtocolCopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from ClaudeConnect to CursorInstall MCP server on CursorConnect to VS CodeInstall MCP server on VS Code

Production Authentication Endpoint

UAT Authentication Endpoint

Headers

Parameters

Results

Status Codes

Get/Post Security

Headers

Was this helpful?

Authentication Protocol
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code