TokenRequest

  • grant_type
    enum
    const:  
    client_credentials
    required
    values
    • client_credentials
  • authorization_details
    Type: string

    RFC 9396 Rich Authorization Requests (subset). URL-encoded JSON array of typed objects. The value must be URL-encoded in the form body.

    Supported types:

    • org_scope — Narrow the token's org scope. Include "locations" with org UUIDs. The token's custom:orgRoles claim will contain only the requested orgs (must be a subset of the client's allowed orgs). Example: [{"type":"org_scope","locations":["org-uuid-1"]}]

    • user_delegation — Issue a user-scoped token. Provide at least one of:

      • "subject" — the target user's sourcedId (UUID).
      • "subject_email" — the target user's email (platform resolves to UUID internally). If both are provided, subject takes priority. The issued token carries a custom:delegateUserId claim set to the resolved user ID, enabling requester-scoped reads without the requesterId query param. The client must control the user's primary organization. Examples: [{"type":"user_delegation","subject":"user-uuid"}] [{"type":"user_delegation","subject_email":"alice@school.org"}]

    Both types can be combined in a single request.

  • scope
    Type: string

    Space-separated list of scopes