Authorization

OAuth2 token endpoint for obtaining and refreshing access tokens.

Base URL: https://api.contit.cloud

Requires AllowAnonymous policy

Request Body application/json

Property	Type	Required	Description
`grant_type`	string	✓	OAuth2 grant type: 'client_credentials', 'refresh_token', 'api_key', or 'authorization_code'
`client_id`	string	✓	The client ID (application ID)
`client_secret`	string	—	The client secret (required for client_credentials grant)
`refresh_token`	string	—	The refresh token (required for refresh_token grant)
`api_key`	string	—	The API key (required for api_key grant)
`code`	string	—	The authorization code (required for authorization_code grant)
`redirect_uri`	string	—	Redirect URI (required for authorization_code grant)
`scope`	string	—	Requested scopes (space-separated)

Responses

200 Success — returns access token

`access_token`	string	The bearer token for API authentication
`token_type`	string	Token type, always 'Bearer'
`expires_in`	integer	Token lifetime in seconds
`refresh_token`	string	Refresh token for obtaining new access tokens

400 Bad Request — invalid grant type or missing required parameters

401 Unauthorized — invalid client credentials

Code examples

curl -X POST "https://api.contit.cloud/connect/token" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
  "grant_type": "grant_type_value",
  "client_id": "client_id_value",
  "client_secret": "client_secret_value",
  "refresh_token": "refresh_token_value",
  "api_key": "api_key_value",
  "code": "code_value",
  "redirect_uri": "redirect_uri_value",
  "scope": "scope_value"
}'

using var http = new HttpClient();
http.DefaultRequestHeaders.Add("X-Api-Key", "YOUR_API_KEY");

var content = new StringContent("{
  \"grant_type\": \"grant_type_value\",
  \"client_id\": \"client_id_value\",
  \"client_secret\": \"client_secret_value\",
  \"refresh_token\": \"refresh_token_value\",
  \"api_key\": \"api_key_value\",
  \"code\": \"code_value\",
  \"redirect_uri\": \"redirect_uri_value\",
  \"scope\": \"scope_value\"
}",
    Encoding.UTF8, "application/json");
var response = await http.PostAsync(
    "https://api.contit.cloud/connect/token", content);

response.EnsureSuccessStatusCode();
var json = await response.Content.ReadAsStringAsync();

const response = await fetch(
  "https://api.contit.cloud/connect/token",
  {
    method: "POST",
    headers: {
      "X-Api-Key": "YOUR_API_KEY",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
  "grant_type": "grant_type_value",
  "client_id": "client_id_value",
  "client_secret": "client_secret_value",
  "refresh_token": "refresh_token_value",
  "api_key": "api_key_value",
  "code": "code_value",
  "redirect_uri": "redirect_uri_value",
  "scope": "scope_value"
})
  }
);

const data = await response.json();

import requests

headers = {"X-Api-Key": "YOUR_API_KEY"}
payload = {
  "grant_type": "grant_type_value",
  "client_id": "client_id_value",
  "client_secret": "client_secret_value",
  "refresh_token": "refresh_token_value",
  "api_key": "api_key_value",
  "code": "code_value",
  "redirect_uri": "redirect_uri_value",
  "scope": "scope_value"
}

response = requests.post(
    "https://api.contit.cloud/connect/token",
    json=payload,
    headers=headers
)

data = response.json()

POST /connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=my-app-id&client_secret=my-app-secret

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJteS1hcHAtaWQiLCJhdWQiOiJjb250aXQtYXBpIiwiZXhwIjoxNzczNTgzODAwLCJpYXQiOjE3NzM1ODAyMDAsImlzcyI6Imh0dHBzOi8vYXV0aC5jb250aXQuY29tIn0.signature",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "rt_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
}

API Key / Bearer Token

Request Body JSON