Authorization code flow
Connect to Kandio directly from you own application to receive the required access token for accessing Kandio's API resources. Follow the guidelines below to manage the authorization code flow.
The Authorization Code grant type is used by API applications integrating to Kandio's API to exchange an authorization code for an access token. Allow the user to trigger the authorisation flow from your system by implementing the following flow:
Your system sends the user and password to Kandio's authentication server.
Kandio will repond with an access token and refresh token for your application to use
Your system automatically handles the continuous refresh token exchange.
Requirements and limitations
The Kandio's OpenApi requires HTTPS.
Kandio's OAuth access tokens expire after 1 hour. After expiration, applications must generate a new OAuth access token using the refresh token received when the authorization was first granted.
Refresh tokens can only be used once.
Requesting tokens
POST /oauth/token
Request Body
Copy {
"token_type": "Bearer",
"expires_in": 1296000,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI5NDFmZjI5MC1lY2MxLTQxYjQtYmY3OS01YTllMTVhZGFjZDciLCJqdGkiOiIwYzMzODI5MjZiNjQ5MjEwOWVlZDljYTJkNDQ0YzM3YjJjYTVjZDVmMjEwMmQ4MjgxNDdiMjQwYzY2YTM0ZDlkZTFlN2YzN2M1MDU5ZWRjMSIsImlhdCI6MTYzODI0NjY2MSwibmJmIjoxNjM4MjQ2NjYxLCJleHAiOjE2Mzk1NDI2NjEsInN1YiI6IjEiLCJzY29wZXMiOlsiKiJdfQ.AF66u01dC_hAlxeCBl3ul1SzKaGwOuvq4Wnsfppe2fcbBN6bcAtciPus9X6TO-_OgLIZWSMnaVDCfTdbKm8MhcT9mkNeK_tZkkd2BhWjN0R0ZTNYOJ96WxQpIT-MX8j3Tt8JppqveKAEngvJhk3Rs5xIwrgGeRE0KQPZBZ9-BqWgxvJa1uhhYk0TnVHKvoT-vp9u55N6_neQh7-uxYyB4TZE1prbOQB7z7bDemxojwttd3S6OMLT5GihhK-eUaFFlLyx2K9Q_nvoPzKrFqJLUOUcd4GYMIqqtams771DHFxBvbtrnBJCxwMAK-BpkgGpUTjppnpO8OF-YOCLHnlOllKTQrb-xUKWawOt62HunGNWZxkfbFcn1MFMiM-jqeqYgI-ZeG326Ya5YCQwYFUU4Xn0OwsfdfQgjnS9kvC6211oSqtVzSmmqx_3aiwF1kjmPMdTijOcnwqB9lX-FieOLrfI3G9J24bhss-6av_kq_Mzmf3-Fx5SkZ61mzaA8du9_uitbgcYiNYgiuZas9obUR7GiumyIPdL8Mw7zwh63rU_oNnUNcx3YhCDyaREiD_umWgBDpqIerw9P4DVjKSniD7qihstQQlk5bzyBBv9_iYBaLEnHvoI_xT5CB8CQ9SqD3jToQ6Q-A-tS0B7zcTiDc0k6zaILJYPSB4hZdch6Vo",
"refresh_token": "def50200e82df3ae44ff04fc55f8e3fcb8042b8a3f7c8d42ebdff222c2b5d1c4917b47bc0a90120f74da26ba93d7ee88721a2ab2d495e8015fd34c7241e574e097d9e886d196aa2269000c3674083db1c1db28081970888959d6a71d81f2f9f1d34daf1e62187127e363ac07723b7f72ba20219a4878aafc0d9272af2e36c99626592543e96b9d7b508d73cce3c7a5f6871ac63d484c69de7c3aeb0c157af8de8ce521d79e0808840847250c8a59c7e0b7b7a929fadc5a02a71f70fd0c1401a14e8a0816598a61f3dc846b39bdba27160d98c0e3d1a20fe534c96d1a321e786e0a02a17b55acbd866b570e3a39ff7ba1bff994999d87710d608cb5d0b0bab74914b30a3ffda10ada5bd8c957d1fcaaf76269d8caf3bd83cc9cb7a0ef090c5e80726dff02b89462d96d5943e9aff64ac0378891083fa38b036ea4af7e642481b38eaed1122dcea688b5758ed08aa86edba169782dc54a4c45079bd770d628b6198b0893ec9b7f72c3bc0ad000e22fbf976d956352664411779c4efc2e88203d00586877f5fabe35"
}
Copy {
"error": "invalid_request",
"error_description": "The refresh token is invalid.",
"hint": "Token has been revoked",
"message": "The refresh token is invalid."
} Refreshing tokens
POST /oauth/token
Request Body
Copy {
"token_type": "Bearer",
"expires_in": 1296000,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI5NDFmZjI5MC1lY2MxLTQxYjQtYmY3OS01YTllMTVhZGFjZDciLCJqdGkiOiIwYzMzODI5MjZiNjQ5MjEwOWVlZDljYTJkNDQ0YzM3YjJjYTVjZDVmMjEwMmQ4MjgxNDdiMjQwYzY2YTM0ZDlkZTFlN2YzN2M1MDU5ZWRjMSIsImlhdCI6MTYzODI0NjY2MSwibmJmIjoxNjM4MjQ2NjYxLCJleHAiOjE2Mzk1NDI2NjEsInN1YiI6IjEiLCJzY29wZXMiOlsiKiJdfQ.AF66u01dC_hAlxeCBl3ul1SzKaGwOuvq4Wnsfppe2fcbBN6bcAtciPus9X6TO-_OgLIZWSMnaVDCfTdbKm8MhcT9mkNeK_tZkkd2BhWjN0R0ZTNYOJ96WxQpIT-MX8j3Tt8JppqveKAEngvJhk3Rs5xIwrgGeRE0KQPZBZ9-BqWgxvJa1uhhYk0TnVHKvoT-vp9u55N6_neQh7-uxYyB4TZE1prbOQB7z7bDemxojwttd3S6OMLT5GihhK-eUaFFlLyx2K9Q_nvoPzKrFqJLUOUcd4GYMIqqtams771DHFxBvbtrnBJCxwMAK-BpkgGpUTjppnpO8OF-YOCLHnlOllKTQrb-xUKWawOt62HunGNWZxkfbFcn1MFMiM-jqeqYgI-ZeG326Ya5YCQwYFUU4Xn0OwsfdfQgjnS9kvC6211oSqtVzSmmqx_3aiwF1kjmPMdTijOcnwqB9lX-FieOLrfI3G9J24bhss-6av_kq_Mzmf3-Fx5SkZ61mzaA8du9_uitbgcYiNYgiuZas9obUR7GiumyIPdL8Mw7zwh63rU_oNnUNcx3YhCDyaREiD_umWgBDpqIerw9P4DVjKSniD7qihstQQlk5bzyBBv9_iYBaLEnHvoI_xT5CB8CQ9SqD3jToQ6Q-A-tS0B7zcTiDc0k6zaILJYPSB4hZdch6Vo",
"refresh_token": "def50200e82df3ae44ff04fc55f8e3fcb8042b8a3f7c8d42ebdff222c2b5d1c4917b47bc0a90120f74da26ba93d7ee88721a2ab2d495e8015fd34c7241e574e097d9e886d196aa2269000c3674083db1c1db28081970888959d6a71d81f2f9f1d34daf1e62187127e363ac07723b7f72ba20219a4878aafc0d9272af2e36c99626592543e96b9d7b508d73cce3c7a5f6871ac63d484c69de7c3aeb0c157af8de8ce521d79e0808840847250c8a59c7e0b7b7a929fadc5a02a71f70fd0c1401a14e8a0816598a61f3dc846b39bdba27160d98c0e3d1a20fe534c96d1a321e786e0a02a17b55acbd866b570e3a39ff7ba1bff994999d87710d608cb5d0b0bab74914b30a3ffda10ada5bd8c957d1fcaaf76269d8caf3bd83cc9cb7a0ef090c5e80726dff02b89462d96d5943e9aff64ac0378891083fa38b036ea4af7e642481b38eaed1122dcea688b5758ed08aa86edba169782dc54a4c45079bd770d628b6198b0893ec9b7f72c3bc0ad000e22fbf976d956352664411779c4efc2e88203d00586877f5fabe35"
}
Copy {
"error": "invalid_request",
"error_description": "The refresh token is invalid.",
"hint": "Token has been revoked",
"message": "The refresh token is invalid."
} 