Example Requests and Responses


    The following example illustrates how a user and the server communicate using requests and responses.

    1. To obtain an access token and a refresh token, a user sends the HTTP POST request to the VAO /token path.

    In the request body, the user specifies the following parameters:

    Request:

    POST https://uwin2012r2.n.local:9898/token

     

    Request Header:

    content-type:application/x-www-form-urlencoded

     

    Request Body:

    grant_type=password&username=vao\administrator&password=Password1

    The server sends a response in the following format.

    Response:

    200

    Response Body:

    {

     "access_token": "0G072fREAFX3G2hIOQYiCLxvx-NvSra2GtQMxUHHPFsh9a3RNmI2R6VI6evgdvIopQSLo6nAy_SvZ6YnQagc5vlJOcSzfMjU3LiRxUuE7VdTydd4Br6mpMCmxaGTIrFhnrhiBKqqVbhcXiVppx-lLOjFzO379fsyyXspmnnuhjzHdlTKTa4V5VDKrtpfoOZyiz1Pa8_r9JtPc0D6vldUbQ-bEskoXkZGbyEOb4kYk8XqLm69GGTmn4bO8_da2fPwH4yjj2yP5vxmTZi3Rto47YyPbW98l2-s4ocd3nJXsHYD-csU1U4zCTzfLENKR_JB",

     "token_type": "bearer",

     "expires_in": 899,

     "refresh_token": "Yp5SaGYSR6ChFkr9T5LJ2PcNNGAR+Df9ixOALtAsOD0="

    }

    2. [Applies only if a dedicated client account is required]

    To create a client account, the user sends the HTTP POST request to the api/v4/Clients endpoint.

    In the Authorization header, the user specifies the currently valid access token in the Bearer <access_token> format.

    Request:

    POST https://uwin2012r2.n.local:9898/api/v4/Clients

     

    Request Header:

    Authorization: Bearer 0G072fREAFX3G2hIOQYiCLxvx-NvSra2GtQMxUHHPFsh9a3RNmI2R6VI6evgdvIopQSLo6nAy_SvZ6YnQagc5vlJOcSzfMjU3LiRxUuE7VdTydd4Br6mpMCmxaGTIrFhnrhiBKqqVbhcXiVppx-lLOjFzO379fsyyXspmnnuhjzHdlTKTa4V5VDKrtpfoOZyiz1Pa8_r9JtPc0D6vldUbQ-bEskoXkZGbyEOb4kYk8XqLm69GGTmn4bO8_da2fPwH4yjj2yP5vxmTZi3Rto47YyPbW98l2-s4ocd3nJXsHYD-csU1U4zCTzfLENKR_JB

    The server sends a response in the following format.

    Response:

    200

    Response Body:

    {

     "client_id": "4a346f40-d4b6-4ed8-913d-d6e1297a75a4",

     "client_secret": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA88p/hgiPqUG5Ianexa8klAQAAAACAAAAAAAQZgAAAAEAACAAAAAKaqFPz0480AeOmARrLL9l76H8x22PD98B7BSTzkIO8gAAAAAOgAAAAAIAACAAAABPK3q/7A6EWS2KVvXTWiz4O7xrdoPNBk2qiY43MOuGVjAAAACPhL6JAEQCTYTItygVLo8i16ZdzdPXZ3l1KM6XBrDKbEyAKLFHmeb4jV5Deo0jKWNAAAAAdi7slKgOZR6JTqseaK3uHAXOxknjagjBStrZ61EPeYp23R28tlzq6FiZ/JW76XJ4yqHj96t2Q8XSijhzKFV5KA=="

    }

    3. [Applies only if a dedicated client account is required]

    To obtain an access token under the client account, the client sends the HTTP POST request to the VAO /token path.

    In the body of the request, the client specifies the following parameters:

    Request:

    POST https://uwin2012r2.n.local:9898/token

     

    Request Header:

    content-type: application/x-www-form-urlencoded

     

    Request Body:

    grant_type=client_credentials&client_id=58b91a67-4aca-490f-aeac-2ea11eadceaa&client_secret=iGuL5owQoVbN%2FRfaWYPTjh4QHT%2B1ylQlqiwKR%2BPS%2FjA%3D

    The server sends a response in the following format.

    Response:

    200

    Response Body:

    {

    "access_token": "RknUZHexLF2i_TyAqusCrT0UwTosECThrK-ZDKCrkLlKClG19Wmrr0CCMvas0wvddmbeVy345I404g52Ck26gDGKI1YuAjI6vYQZf78D_cE6MIrdqF6ckQRZkGtpInk8NO_pwAllhcowDfIgEOHZ39mTvUVVgkMovKrA_4az2E50G1-IRctPcdK3ivrJHrsUaG5oIg69YRrh_uPrFMXYk2xIEfoO8ehNsB_Vm1S_ngjMS2I6DICG4cPQboc7efO3L-BBxwnyj4lNYOSvIztkQxDuYAw5f06efHfwbP_ZksGmRZWUZcHvDVVUJZ3YJiQg7977LeyK9cQ847-nKIwlBw2jRR0MTstsgLIe44RLlyY",

     "token_type": "bearer",

     "expires_in": 899,

     "refresh_token": "aUCl0dAA9FNg1FR3f1ShgzoznDTZIxGKjrtSzIabtoo="

    }

    4. To refresh the pair of tokens, the user or client sends the HTTP POST request to the VAO /token path.

    In the body of the request, the user or client specifies the following parameters:

    Request:

    POST https://uwin2012r2.n.local:9898/token

     

    Request Header:

    Content-Type: application/x-www-form-urlencoded

     

    Request Body:

    grant_type=refresh_token&refresh_token=aUCl0dAA9FNg1FR3f1ShgzoznDTZIxGKjrtSzIabtoo%3D

    The server sends a response in the following format.

    Response:

    200

    Response Body:

    {

     "access_token": "YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw",

     "token_type": "bearer",

     "expires_in": 899,

     "refresh_token": "vbGuPkz7XLS1p5PQ3EARoGGKJKFMdgBbIi6fH79WQac="

    }

    5. To get all client IDs related to the user account, the user sends the HTTP GET request to the api/v4/Clients endpoint. The client can get only its own ID using this request.

    In the Authorization header, the user or client specifies the currently valid access token in the Bearer <access_token> format.

    Request:

    GET https://uwin2012r2.n.local:9898/api/v4/Clients

     

    Request Header:

    Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw

    The server sends a response in the following format.

    Response:

    200

    Response Body:

    [

     "4a346f40-d4b6-4ed8-913d-d6e1297a75a4",

     "b2845041-53ce-4335-b157-bcf9b08740c8",

     "98e3c3cc-5945-4b30-9e89-6066e5159502",

     "3ace3638-3810-4f0f-92e6-d700ad5df6ba",

     "06af349a-acba-4f42-9f81-721489bcae4c"

    ]

    6. To delete a client account, the user sends the HTTP DELETE request to the api/v4/Clients endpoint. The client can delete only its own client account using this request.

    In the Authorization header, the user or client specifies the currently valid access token in the Bearer <access_token> format.

    In the clientId parameter, the user specifies the ID of the client to be deleted; the client specifies its own client ID.

    Request:

    DELETE https://uwin2012r2.n.local:9898/api/v4/Clients?clientId=4a346f40-d4b6-4ed8-913d-d6e1297a75a4

     

    Request Header:

    Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw

    The server sends a response in the following format.

    Response:

    204

    7. To log out, the user or client sends the HTTP DELETE request to the api/token endpoint.

    In the Authorization header, the user or client specifies the currently valid access token in the Bearer <access_token> format.

    Request:

    DELETE https://uwin2012r2.n.local:9898/api/token

     

    Request Header:

    Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw

    The server sends a response in the following format.

    Response:

    204
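
    The /token bodies in steps 1, 3 and 4 are form-encoded, so a secret or refresh token containing "+", "/" or "=" must be percent-escaped, and the 899-second expires_in means the client has to track expiry and refresh in time. The following is an added example, not code from the product documentation; token_request_body, form_value, TokenPair and SKEW_SECONDS are hypothetical names, and all sample values are constructed.

```python
import json
import time
from urllib.parse import parse_qs, urlencode

SKEW_SECONDS = 60  # assumption: renew one minute before the token expires

def token_request_body(grant_type, **params):
    """Form-encode a /token body; reserved characters are percent-escaped."""
    return urlencode({"grant_type": grant_type, **params})

def form_value(body, name):
    """Decode one field the way a standard form parser on the server would."""
    return parse_qs(body)[name][0]

class TokenPair:
    """Token pair parsed from a /token response body (hypothetical helper)."""

    def __init__(self, response_body, now=None):
        data = json.loads(response_body)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        issued = time.time() if now is None else now
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        self.expires_at = issued + int(data["expires_in"])

    def needs_refresh(self, now=None):
        current = time.time() if now is None else now
        return current >= self.expires_at - SKEW_SECONDS

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token}

    def refresh_body(self):
        return token_request_body("refresh_token", refresh_token=self.refresh_token)

    def __repr__(self):  # keeps token values out of logs and tracebacks
        return f"TokenPair(expires_at={self.expires_at:.0f})"

# Constructed sample values, not real credentials or tokens.
SAMPLE_SECRET = "ab/cd+ef=="
SAMPLE_RESPONSE = json.dumps({"access_token": "constructed-access-token",
                              "token_type": "bearer", "expires_in": 899,
                              "refresh_token": "r+t/0="})

if __name__ == "__main__":
    print(token_request_body("client_credentials", client_secret=SAMPLE_SECRET))
    print(form_value("client_secret=" + SAMPLE_SECRET, "client_secret"))  # raw '+'
    print(TokenPair(SAMPLE_RESPONSE, now=0).refresh_body())
```

    A raw "+" in a form body is decoded as a space, so an unescaped secret reaches the server altered and authentication fails for a reason that is hard to spot in logs.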