English

Home > Elements Public APIs > Get the Access Token

Get the Access Token

Based on the credentials of an app registration in Elements, refer to the following sections:

- If you want to get the access token with a client secret in an app registration, refer to the instructions in [Client Secret](#missing-link).

- If you want to get the access token with a certificate in an app registration, refer to the instructions in [Certificate](#missing-link).

Client Secret

If you want to get the access token with a client secret in an app registration, follow the instructions below to send a POST request:

Set the access token URL: https://identity.avepointonlineservices.com/connect/token.
Set the header to Content-Type: application/x-www-form-urlencoded.
Set the following parameters in the request body:
- client_id – Copy the Application (Client) ID value in the app registration and paste the value here.
- client_secret – Copy the Client Secret value that has been saved upon the creation of the app registration, and paste the value here.
- scope – Set the scope, which is the assigned permissions. Please ensure the permissions have been configured in the app registration.
- grant_type – Set this value to client_credentials.
In the response, the access_token node represents the token value, the expires_in node represents the token will expire in how many seconds, and the scope node lists the assigned permissions of the app registration.

You can use Postman to test the POST request as below:

A sample of testing the POST request.

Certificate

Once you have the application (client) ID, get the access token via the application (client) ID to authenticate with Elements APIs.

The following information is required to get an access token:

Element	Description
Identity Service URL	https://identity.avepointonlineservices.com
Application (Client) ID	The application (client) ID you have retrieved.
Certificate	The corresponding .pfx certificate file of the .cer certificate you used when registering the app.

To get the access token using the above information, create a JSON web token using the Client ID and certificate first, and then use the JSON web token to request an access token of the defined scope from Identity Service.

Below is an example for getting the access token.

var identityServiceUrl = "{https://identity.avepointonlineservices.com}";
var client = new HttpClient();
var disco = await client.GetDiscoveryDocumentAsync(identityServiceUrl);
if (disco.IsError)
{
    return;
}
var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = disco.TokenEndpoint,
    ClientAssertion = new ClientAssertion()
    {
        Type = OidcConstants.ClientAssertionTypes.JwtBearer,
        Value = CreateClientAuthJwt(disco)
    }
}
if (tokenResponse.IsError)
{    
    return;
}
return  tokenResponse.Json
private static string CreateClientAuthJwt(DiscoveryDocumentResponse response)
        {
            var clientId = "{Client ID}";
            var certificateThumbprint = "{Certificate Thumbprint}";

            // set exp to 5 minutes
            var tokenHandler = new JwtSecurityTokenHandler { TokenLifetimeInMinutes = 60 };

            var securityToken = tokenHandler.CreateJwtSecurityToken(
                // iss must be the client_id of our application
                issuer: clientId,
                // aud must be the identity provider (token endpoint)
                audience: response.TokenEndpoint,
                // sub must be the client_id of our application
                subject: new ClaimsIdentity(
                  new List<Claim> { new Claim("sub", clientId),
                  new Claim("jti", Guid.NewGuid().ToString())}),
                // sign with the private key (using RS256 for IdentityServer)
                signingCredentials: new SigningCredentials(
                  new X509SecurityKey(new X509Certificate2(LoadCertificate(certificateThumbprint))), "RS256")
            );
            return tokenHandler.WriteToken(securityToken);
        }
private static X509Certificate2 LoadCertificate(string certificateThumbprint)
        {
            var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);
            var vCloudCertificate = store.Certificates.Find(
                    X509FindType.FindByThumbprint,
                    certificateThumbprint,
                    false)[0];
            return vCloudCertificate;
        }

NOTE

The token you get will expire in one hour, and you need to get the token again after the expiration.

On this page

Manage Baselines

Supported Baseline Configurations

Deploy Configurations to a Tenant

Restore Tenant Configurations

View and Modify Tenant Configurations

View Workspaces of a Tenant

User Template Management

License Unit Cost Profile Management

AD Naming Profile Management

View Overview Statistics of a Tenant

Manage Users

Create a User

Manage User Personal Information

Manage Groups

Create a Group

Edit a Group

Campaigns for SharePoint Banner

Campaigns for Teams

Campaigns for Emails

Microsoft CSP

Manage Resellers

Manage Subscriptions and Licenses for a Tenant

ArrowSphere

Manage Resellers

Manage Subscriptions and Licenses for a Tenant

Ingram Micro Xvantage

Manage Resellers

Manage Subscriptions and Licenses for a Tenant

Integration with ConnectWise

Get the Access Token

Client Secret

Certificate

Supported Baseline Configurations

Create a User

Manage User Personal Information

Create a Group

Edit a Group

Manage Resellers

Manage Subscriptions and Licenses for a Tenant

Manage Resellers

Manage Subscriptions and Licenses for a Tenant

Manage Resellers

Manage Subscriptions and Licenses for a Tenant

#Get the Access Token

#Client Secret

#Certificate

Get the Access Token

Client Secret

Certificate