Overview
Once users are redirected back to the application with the code from LivePerson's Identity Service, the application will need to retrieve a token in order to access Conversational Cloud services. This is a request which enables retrieving that token.
This request should be made after obtaining the code from the authorize request as it is needed to create the access token.
Request
| Method | URL |
|---|---|
| POST | https://{domain}/sentinel/api/account/{accountId}/token?v=1.0 |
Query Parameters
| Parameter | Description | Type | Required | Notes |
|---|---|---|---|---|
| v | API version number | number | Required | Default Value: 1.0 |
Headers
| Header | Description |
|---|---|
| Content-Type | application/x-www-form-urlencoded;charset=UTF-8 |
Body
| Parameter | Description | Type | Required | Notes |
|---|---|---|---|---|
| grant_type | String | Required | Value MUST be set to "authorization_code" | |
| code | the code that was provided to the application in the redirection callback | String | Required | |
| redirect_uri | the redirect uri that was provided by the application in the authorizaton request | String | Required if the "redirect_uri" parameter was included in the authorization request | |
| client_id | installation id provided after application registration | String | Required | |
| client_secret | secret provided after application registration | String | Required |
Example:
client_id=xyz&client_secret=yqr&grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
Response
Response Codes
| Code | Response |
|---|---|
| 200 | OK — request for access token succeeded |
| 400 | Bad request — Problem with body or query parameters |
| 500 | Internal server error |
Response Body
| Attribute name | Description |
|---|---|
| access_token | token to use as authorization when interacting with LE services |
| token_type | Always Bearer |
| refresh_token | token to use when requesting an access token refresh via the refresh method |
| id_token | a JWT asserting the id of the user |
| expires_in | The lifetime in seconds of the access token |
Note: The token_type is an attribute of the access_token and its value is always "Bearer"
ID Token structure
| Attribute name | Description | |
|---|---|---|
| sub | user ID | |
| aud | ID of the application asking for authorization | |
| iss | Always "sentinel" (lowercase) | |
| iat | JWT creation time. value is seconds since EPOC | |
| exp | JWT expiration time. value is seconds since EPOC | |
| is_admin | boolean, true if user has admin role | |
| is_lpa | boolean, true if user is LPA |
Example:
{
"access_token": "f8fe53ea00999321e0c7c1dd8197881a17d67e27ae596320c352297ee3154861",
"token_type": "Bearer",
"refresh_token": "6be279a5deeb573192ebab4f8d65e3e81eddcb551a15ee6e6b50ac5b6e3a8ea781416c1e366a1ac3486523b0b0c82e1f3e93003031f66efa7af00d681fe4f6943793c376a81b10d73980e59d874ef629bafe3d2de3558d5e847ea0ab588b5e8644eb0941d92908764bc82cdab7a04a61579009eadde40f23beae7f68dfd03b769f3f4ac9daa047183a562160551a09c2d4f2ae0bf7e2a82a0a241e071dc2dd8af20791b3db1c58c76149274a4814a463de920fefec6e84ad3bcf1d99f8c348cd26516b7f54edaf41a3035f82d31c122e0becd08357557287beb4ae2e13516e969fced89443425a59d7878f44e74928e19a8651a31a8ae18e6b9eb44f4fdf8fcf264b2127b3e1c096720d8915464d6cf9",
"id_token": "eyJraWQiOiJpZHRva2VuLTE5LTA4LTE5IiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJpc19hZG1pbiI6dHJ1ZSwic3ViIjoiNDA1ODk5NzUxMCIsImF1ZCI6IjYwNzBiZDE1LWUzNDgtNDBiYi04ZWM1LTc1YzRkMDczYmJkOSIsIndzdWsiOiI4ODM2MjkzMTI0NDU2MjkwMzM2IiwiaXNfbHBhIjpmYWxzZSwiaXNzIjoiU2VudGluZWwiLCJleHAiOjE2ODgyNzY0NjIsImlhdCI6MTY4ODI3NTg2MiwiZW1haWwiOiJlMmV0ZXN0MEBsaXZlcGVyc29uLmNvbSIsInVzZXJuYW1lIjoiZTJldGVzdDAifQ.E6DbVHS37-C9P92fqi266o3kp2nsFCtmEHbzOQ2iDvz9G_tMxpbpNWqO3CE-VBsMFkOotix63DOFpJf3KVN8RI0dA6JYQSfyLBVbxLG917l8kuFDNIWYaqLqw7TbvtcdISOSDmBK2aq82QJ10kpbSS13duZAzhvTMyfIWV1nVyw",
"expires_in": 28800
}