TokenRequest
- grantenum
_type const:client_credentialsrequiredvalues- client
_credentials
- authorizationType: string
_details RFC 9396 Rich Authorization Requests (subset). URL-encoded JSON array of typed objects. The value must be URL-encoded in the form body.
Supported types:
-
org_scope— Narrow the token's org scope. Include"locations"with org UUIDs. The token'scustom:orgRolesclaim will contain only the requested orgs (must be a subset of the client's allowed orgs). Example:[{"type":"org_scope","locations":["org-uuid-1"]}] -
user_delegation— Issue a user-scoped token. Provide at least one of:"subject"— the target user'ssourcedId(UUID).-
"subject_email"— the target user's email (platform resolves to UUID internally). If both are provided,subjecttakes priority. The issued token carries acustom:delegateUserIdclaim set to the resolved user ID, enabling requester-scoped reads without therequesterIdquery param. The client must control the user's primary organization. Examples:[{"type":"user_delegation","subject":"user-uuid"}][{"type":"user_delegation","subject_email":"alice@school.org"}]
Both types can be combined in a single request.
-
- scopeType: string
Space-separated list of scopes
