Conventions
Each API request, regardless of whether you used Client Credentials, or Authorization Code flow will need an Authorization header passing. The access token should be prefixed with the string
Bearer
, e.g.Authorizaton: Bearer <ACCESS_TOKEN>
Access tokens expire. If this happens you will receive an HTTP
401 Unauthorized
response. Check the
WWW-Authenticate
header for more details. A typical error would be:Bearer error="invalid_token", error_description="The token expired at '12/23/2020 10:27:15'"
If you are using Authorization Code flow and requested a refresh token, using the
offline_access
scope, then you can use the refresh token to request a new access token.Dates or date/times should be passed and received formatted to RFC 3339. This is essentially ISO 8601 format.
Example | Description |
---|---|
2020-12-25 | Effectively 2020-12-25T00:00:00 |
2020-12-25T10:50:00Z | 10:50am UTC on 25 December 2020 |
2020-12-25T10:50:00.5095207Z | High precision date/time |
Last modified 5mo ago