# Authorize Session Generates authentication credentials that expire after one hour. The authentication response includes an accessToken which is used as the AccessToken request header when performing any authenticated operation. This operation will also accept the previous authentication response as the request payload to return a refreshed access token. The access token expires after 1 hour and must be refreshed after expiration, using the included refreshToken. The refresh token can be used for up to 30 days to request new access tokens, or until the refresh token is revoked. Once the refresh token expires or is revoked, the user credentials must be provided again to generate a new access token and refresh token. Average Response Time: 3671ms (New Token) Average Response Time: 233ms (Refresh Token) Endpoint: POST /auth/token Version: 1.5 Security: BasicAuth, ApiKeyAuth ## Header parameters: - `X-API-Key` (string, required) Customer-specific API key required to invoke API. - `Content-Type` (string, required) Enum: "application/json" ## Request fields (application/json): - `username` (string) Use in a new token request. Username of the user in Tenovos. - `password` (string) Use in new token request. Valid password for the Tenovos user account. - `session` (object) Use this to refresh token - `session.refreshToken` (string) - `session.accessToken` (string) ## Response 200 fields (application/json): - `endpointUrl` (string) Example: "https://endpoint.url/v1" - `clientId` (string) Example: "abcdefghijklmnop1234567890" - `userPoolId` (string) Example: "us-east-1_123456789" - `username` (string) Example: "username" - `password` (string) - `session` (object) - `session.authorization` (string) Example: "eyJraWQiOiJqQWNzNDFBdFBEcXdKTVN6Y0dzV01SNFR0T3hETDhcL3dtOW9qQ0JOWVdqcz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJhdWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjEzNzUyODE3LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9PU2dRdlRhVEEiLCJjb2duaXRvOnVzZXJuYW1lIjoiamVmZiIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJlbWFpbCI6ImplZmZAdGVub3Zvcy5jb20ifQ.kzu1AddXc-HIopmmsxnnXjDiKXhOLox6P2Hx5HCg0gzupbjW9hjbMWVl0NIZRgrLJIEkYjTl9zRUre_QpiJdeVdluMVPLi6OfMUy8XskeqrOAUFDr3nqrkt99uR-LSrVd_hI8NSGvRPXEcWXV6A35Nq8_xZ8tHHlWEanGhtNcEPzgWa1JU1LdQPDCtixgwQGhroevX2TByGC_yfbimn9l5JeveQGyWKNIfvUPR9zLu2g8bPgCzCUroNWU1QRh1o-p1-8lMVwyROl3mIiCfSTo_QwtLArcFTJi5MyMsWCwWHXV" - `session.refreshToken` (string) Example: "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.jkuKuQVDhGxbX04I3iczTCioh9ah2MA90YkOcY7DTyLS94XCvS_JpOhUSHhk70uM_ZNxLCU00OtahFm7Ktc-Zw_21qjuA40yf9Uf0KcQok5DEbv-9-_j8F4PAdChaS8Cok_-SjUoZmbiIgC-uF601vcczTHgC2SLs4FiOubdc-3tVjQrt6sf0k_W3cBBR-ajbYrDYMdHiJGEtetod88bO1WYJlSWhSddHXkjWOYE0-x3flkDswYJkEq1FKpc1lgqaeoVGShJ90H4S9Yj_FS9vHd0Yq8pwOUkCjIr_P3xFK4d9pRtEc35gkQ3QMbE1Nx93srzUx2rkI75_J2Hf3IltA.jlAjOx1FRapys-J-.YfjwTEQMsnp1wPXkKab_NvA_6lZp15ur2zNUEuX0NqC4hfQ6kbzzQXOl_nLujNwLI8YqqNgLni3l4Eu-luxHDCM2fHvjVaL6_ULJ9VThkBlkJYmxFQZX8c20EPWa1IBH630EPKslFNwPgYT113" - `session.accessToken` (string) Example: "eyJraWQiOiJITk5BbmN6bW1NajFaMUlGNXE3SXdzM3RvbE1QWnFYRjBWVFVzUGQyTnc4PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE2MTM3NTI4MTcsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX09TZ1F2VGFUQSIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJqdGkiOiI3NWJjZWYzZi03Njg3LTQ5MjgtOTY2Zi05MzM0MmQ0MjFmYjkiLCJjbGllbnRfaWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwidXNlcm5hbWUiOiJqZWZmIn0.COepDhay_VaqCHJwNOT" - `session.expireEpoch` (number) Example: 1546300800000 ## Response 400 fields (application/json): - `status` (string) Example: "error" - `message` (string) Example: "Detailed Error Message" ## Response 401 fields (application/json): - `status` (string) Example: "error" - `message` (string) Example: "Detailed Error Message"