Overview

Once users are redirected back to the application with the code from LivePerson's Identity Service, the application will need to retrieve a token in order to access Conversational Cloud services. This is a request which enables retrieving that token.

This request should be made after obtaining the code from the authorize request as it is needed to create the access token.

Request

Method URL
POST https://{domain}/sentinel/api/account/{accountId}/token?v=1.0

Query Parameters

Parameter Description Type Required Notes
v API version number number Required Default Value: 1.0

Headers

Header Description
Content-Type application/x-www-form-urlencoded;charset=UTF-8

Body

Parameter Description Type Required Notes
grant_type   String Required Value MUST be set to "authorization_code"
code the code that was provided to the application in the redirection callback String Required  
redirect_uri the redirect uri that was provided by the application in the authorizaton request String Required if the "redirect_uri" parameter was included in the authorization request  
client_id installation id provided after application registration String Required  
client_secret secret provided after application registration String Required  

Example:

client_id=xyz&client_secret=yqr&grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Response

Response Codes

Code Response
200 OK — request for access token succeeded
400 Bad request — Problem with body or query parameters
500 Internal server error

Response Body

Attribute name Description
access_token token to use as authorization when interacting with LE services
token_type Always Bearer
refresh_token token to use when requesting an access token refresh via the refresh method
id_token a JWT asserting the id of the user
expires_in The lifetime in seconds of the access token

Note: The token_type is an attribute of the access_token and its value is always "Bearer"

ID Token structure

Attribute name Description  
sub user ID  
aud ID of the application asking for authorization  
iss Always "sentinel" (lowercase)  
iat JWT creation time. value is seconds since EPOC  
exp JWT expiration time. value is seconds since EPOC  
is_admin boolean, true if user has admin role  
is_lpa boolean, true if user is LPA  

Example:

    {
      "access_token": "f8fe53ea00999321e0c7c1dd8197881a17d67e27ae596320c352297ee3154861",
      "token_type": "Bearer",
      "refresh_token": "6be279a5deeb573192ebab4f8d65e3e81eddcb551a15ee6e6b50ac5b6e3a8ea781416c1e366a1ac3486523b0b0c82e1f3e93003031f66efa7af00d681fe4f6943793c376a81b10d73980e59d874ef629bafe3d2de3558d5e847ea0ab588b5e8644eb0941d92908764bc82cdab7a04a61579009eadde40f23beae7f68dfd03b769f3f4ac9daa047183a562160551a09c2d4f2ae0bf7e2a82a0a241e071dc2dd8af20791b3db1c58c76149274a4814a463de920fefec6e84ad3bcf1d99f8c348cd26516b7f54edaf41a3035f82d31c122e0becd08357557287beb4ae2e13516e969fced89443425a59d7878f44e74928e19a8651a31a8ae18e6b9eb44f4fdf8fcf264b2127b3e1c096720d8915464d6cf9",
      "id_token": "eyJraWQiOiJpZHRva2VuLTE5LTA4LTE5IiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJpc19hZG1pbiI6dHJ1ZSwic3ViIjoiNDA1ODk5NzUxMCIsImF1ZCI6IjYwNzBiZDE1LWUzNDgtNDBiYi04ZWM1LTc1YzRkMDczYmJkOSIsIndzdWsiOiI4ODM2MjkzMTI0NDU2MjkwMzM2IiwiaXNfbHBhIjpmYWxzZSwiaXNzIjoiU2VudGluZWwiLCJleHAiOjE2ODgyNzY0NjIsImlhdCI6MTY4ODI3NTg2MiwiZW1haWwiOiJlMmV0ZXN0MEBsaXZlcGVyc29uLmNvbSIsInVzZXJuYW1lIjoiZTJldGVzdDAifQ.E6DbVHS37-C9P92fqi266o3kp2nsFCtmEHbzOQ2iDvz9G_tMxpbpNWqO3CE-VBsMFkOotix63DOFpJf3KVN8RI0dA6JYQSfyLBVbxLG917l8kuFDNIWYaqLqw7TbvtcdISOSDmBK2aq82QJ10kpbSS13duZAzhvTMyfIWV1nVyw",
      "expires_in": 28800

    }