Catalyst

by Zoho
×
Cancel
  • Tutorials
  • FAQ
  • Developer Tools
    CLI
    SDK
    Java Node.js Python Web Android iOS Flutter
    REST API
    Utilities
    Extensions Tools Integrations
    • Go to console

    Token

    The element denotes the token based authentication wraps up the following two stages,

    • Token URL helps to generate grant token using the access token.
    • Authentication URL is used in the server side to authenticate the token and identity of user.

    Possible Locations

    Attributes


    Name Type Description
    name
    required    		 String Name of the token.
    visibility String (enum) Decides who can view and use the element. The possible values are internal, private, public. The default value is public.

    Child Elements

    Example

    In the travelers resource, we have decided to use the token for authentication. So, you have to write the authentication schema for it under the <resource> in the following way.

        
    
        
    copy
    
        
    
            
    
        
    
    
    
    
    
         
<token name="MyTokenFlow">
    <token-url path="https://authorization-server.com/token">
        <operation method="post" name="GenerateToken" category="action">
            <request-body>
                <content>
                    <encode type="application/json" />
                    <structure>
                        <property name="client_id" type="string"/>
                        <property name="client_secret" type="string"/>
                        <property name="code" type="string"/>
                    </structure>
                </content>
            </request-body>
            <response status="200">
                <content>
                    <encode type="application/json" />
                    <structure name="TokenResponse">
                        <property name="token" type="string"/>
                        <property name="api_domain" type="string"/>
                        <property name="expires_in" type="datetime"/>
                    </structure>
                </content>
            </response>
        </operation> 
    </token-url>
    <authentication-url path="https://authorization-server.com/token-info">
        <operation method="post" name="IntrospectToken" category="action">
            <request-body>
                <content>
                    <encode type="text/plain" />
                    <structure name="Token">
                        <property name="token" type="string"/>
                    </structure>
                </content>
            </request-body>
            <response status="200">
                <content>
                    <encode type="application/json" />
                    <structure-group type="one-of">
                        <structure name="TokenInfo">
                            <property name="active" type="boolean" values="true"/>
                            <property name="scopes" type="string"/>
                            <property name="client_id" type="string"/>
                            <property name="expires_at" type="datetime"/>
                        </structure>
                        <structure name="ExpiredTokenResponse">
                            <property name="active" type="boolean" values="false"/>
                        </structure>
                    </structure-group>
                </content>
            </response>
            <response status="401">
                <content>
                    <encode type="application/json" />
                    <structure name="AuthenticationErrorResponse">
                        <property name="code" type="string" values="INVALID_CLIENT"/>
                        <property name="message" type="string"/>
                        <property name="status" type="string" values="error"/>
                    </structure>
                </content>
            </response>
        </operation>
    </authentication-url>
</token>

    Last Updated 2025-05-30 16:54:59 +0530 +0530

    PREVIOUS

    NEXT