Start Login

In order to authenticate using application user, you need a client identifier, a client secret, username, password and device say:

    Client identifier: Client!234
    Client secret: myPassw0rd
    Username: myUserName
    Password: myPassword
    Device: myDevice

Request

POST /oauth/token HTTP/1.1
Host: connect-testing.secupay-ag.de
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=appuser&client_id=Client!234&client_secret=myPassw0rd&username=myUserName&password=myPassword&device=myDevice

Response

{
    "access_token": "71gr4cuj3l2ah8hk15bt5pnp10",
    "expires_in": 1200,
    "token_type": "bearer",
    "scope": null,
    "refresh_token": "a025ce54891a260dde9e67c6f83026a62a8538dd"
}

The most important fields to note here are *expires_in* and *access_token*. You can use your *access_token* for the next *expires_in* seconds, in this case 1200 seconds, or 20 minutes. Before these 20 minutes are up, you need to refresh your token in order to continue using our services.

Errors

400 Bad Request

Error "invalid_client"

Invalid Credentials
{
    "error": "invalid_client",
    "error_description": "The client credentials are invalid"
}
No credentials transmitted
{
    "error": "invalid_client",
    "error_description": "Client credentials were not found in the headers or body"
}
No client secret transmitted
{
    "error": "invalid_client",
    "error_description": "This client is invalid or must authenticate using a client secret"
}

Error "unsupported_grant_type"

{
    "error": "unsupported_grant_type",
    "error_description": "Grant type \"foo\" not supported"
}

Error "invalid_request"

No grant type transmitted
{
    "error": "invalid_request",
    "error_description": "The grant type was not specified in the request"
}
No username, password or device transmitted
{
	"error": "invalid_request",
	"error_description": "Missing parameters: \"username\", \"password\" and \"device\" required"
}