API token
/
Authenticate using API token

Identity Management (1.0)

Download OpenAPI description
Users, Auth and Security
Single Sign-On
SCIM Provisioning
Entitlements
Entitlements Agent
Accounts (Tenants)
Overview
Languages
Servers
EU Region

https://api.frontegg.com/identity/

US Region

https://api.us.frontegg.com/identity/

CA Region

https://api.ca.frontegg.com/identity/

AU Region

https://api.au.frontegg.com/identity/

https://{domain}.frontegg.com/identity/

API token

Operations

Authenticate using API token

Request

This route authenticates a tenant’s or user’s API token. The clientId and secret key are in Admin Portal ➜ API Tokens. Send these values as params in the POST body and authenticate to your Frontegg domain by replacing api.frontegg.com with your Frontegg domain.
NOTE: This route enforces(by default) a rotation mechanism for refresh tokens associated with the API token. It limits each token to a maximum of 100 refresh tokens simultaneously. When a client authenticates using the same API token for the 101th time, the earliest refresh token is automatically invalidated.

Bodyapplication/jsonrequired
clientIdstringrequired
secretstringrequired
curl -i -X POST \
  https://api.frontegg.com/identity/resources/auth/v2/api-token \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "clientId": "string",
    "secret": "string"
  }'

Responses

Bodyapplication/json
access_tokenstringrequired
refresh_tokenstringrequired
expires_innumberrequired
expiresstringrequired
Response
application/json
{
  "access_token": "string",
  "refresh_token": "string",
  "expires_in": 0,
  "expires": "string"
}

Refresh API token

Request

This route refreshes a JWT using the refresh token value. If the refresh token is valid, the route returns a new JWT and refresh token. Send the frontegg-vendor-host as a header to declare which vendor. This is your domain name in the Frontegg Portal âžś Workspace Settings âžś Domains âžś Domain Name.

Bodyapplication/jsonrequired
refreshTokenstringrequired
curl -i -X POST \
  https://api.frontegg.com/identity/resources/auth/v2/api-token/token/refresh \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "refreshToken": "string"
  }'

Responses

Bodyapplication/json
access_tokenstringrequired
refresh_tokenstringrequired
expires_innumberrequired
expiresstringrequired
Response
application/json
{
  "access_token": "string",
  "refresh_token": "string",
  "expires_in": 0,
  "expires": "string"
}

General

Operations

MFA

Operations

Users

Operations