Getting OAuth2 Tokens

Getting OAuth2 Tokens (needed OAuth2 authentication only)

Returns the OAuth2 refresh token and access token for an authenticated user. This is invoked once when the the user provisions a Document Provider. Subsequent calls are made to get an updated access token.


HTTP Request POST /any/url

The URL is configurable and corresponds to the Token Endpoint URL value on the custom integration Setup page.

Query Parameters

Name Required Description
grant_type yes

Values include “authorization_code” or “refresh_token”. The value specified indicates which of the two parameters will be passed to this API call: code or refresh_token.

code depends

The authorization code sent to Workfront just after the user clicks the “Grant” button. This is only required when the grant type is “authorization_code”. The authorization code should be short lived, generally expiring in 10 minutes or less.

refresh_token depends

This is only required when making subsequent calls to retrieve a new access_token, given that the previous access_token as expired. When sending this value set the grant_type parameter to “refresh_token”.

client_id yes The Client ID configured in Workfront for this custom integration.
client_secret yes  The Client Secret configured in Workfront for this custom integration.


Name Type  Description
access_token  String

A token used to make authorized API calls on the user’s behalf. This should expire to prevent unauthorized API calls.

refresh_token  String

A long-lived token used to retrieve a new access_token by calling this API method.

expires_in  long

(optional) The time (in seconds) before the access_token expires, generally 3,600.


POST /oauth2/token



Audited 6/27/2018

This article last updated on 2018-06-28 16:53:11 UTC