Password Credential Login
The Password Credential Login flow allows a client to use userid/password credentials to get an access token. The following is an overview diagram for Accela OAuth2 Resource Owner Password Credentials flow.
To get an access token using the Password Credentials login flow:
- Get your app ID and app secret values
Log in to Accela Developer Portal and create an agency or citizen app. Once an app is created, note down the app ID and app secret values from Accela Developer Portal > My Apps.
- Get an access token
  - HTTP Request URI: https://auth.accela.com/oauth2/token
  - HTTP method: POST
  - HTTP content type: application/x-www-form-urlencoded
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| client_id | Required | The app ID value from Accela Developer Portal > My Apps. |
| client_secret | Required | The app secret value from Accela Developer Portal > My Apps. |
| grant_type | Required | The grant type of the current request. The value must be set to "password". Note: Make sure the grant_type value "password" does not contain any space character. |
| username | Required | For a citizen app, the user name is the Civic ID. For an agency app, the user name is the Accela Automation account. |
| password | Required | The corresponding password of the Civic ID or Accela Automation account. |
| scope | Required | The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. The strings are defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope. For example, "create_record get_record" indicates a requested scope which shows the access range of creating a record and getting a record. |
| agency_name | Optional/Required | The agency identifier as registered within the Construct admin portal. APIs such as Get All Agencies, Get Agency and Search Agencies return valid agency names. For a citizen app, agency_name is optional. For an agency app, agency_name is required. |
| environment | Required | The Accela environment name, such as "PROD" and "TEST". The Get All Agency Environments API returns a list of configured environments available for a specific agency. The Get Environment Status checks connectivity with the Agency/Environment. |

HTTP content type: application/json
| Parameter | Type | Description |
|---|---|---|
| access_token | Required | The issued access token containing the agency, environment, user and scopes. Subsequent API calls will only require an Authorization header using this token. |
| token_type | Required | The type of the issued token. It contains the fixed value "bearer" for current grant type. |
| expires_in | Required | The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. |
| refresh_token | Required | The refresh token that can be used to obtain a new access token. |
| scope | Optional | The scope of the resources authenticated by the authorization server. |
| state | Optional/Required | Required if the "state" parameter was present in the client authorization request. Indicates the exact value received from the client. |

| Parameter | Type | Description |
|---|---|---|
| error | Required | The error code. Refer here for details. |
| error_description | Optional | The error description text. |
| error_uri | Optional | The URI of web page with more information about the error. |
| state | Optional/Required | Required if "state" parameter was present in the client authorization request. Indicates the exact state value received from the client request. |
Note: The line breaks shown below in URLs are only there for readability. Delete the line breaks for your actual use.
URL: https://auth.accela.com/oauth2/token
HTTP Method: POST
HTTP Header: Content-Type: application/x-www-form-urlencoded
HTTP Body:
grant_type=password
&client_id=634922733084115102
&client_secret=abb1e0eca03e4ccaaf9b67955c48c01c
&username=developer
&password=accela
&scope=get_records
&agency_name=Nullisland
&environment=TEST
HTTP Body:
{
  "access_token": "{access token}",
  "token_type": "bearer",
  "expires_in": "28800",
  "refresh_token": "{refresh token}",
  "scope": "get_records"
}
Refresh an access token (optional)
If an access token expires, use the following API to refresh the access token.
  - HTTP Request URI: https://auth.accela.com/oauth2/token
  - HTTP method: POST
  - HTTP content type: application/x-www-form-urlencoded
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| client_id | Required | The app ID value from Accela Developer Portal > My Apps. |
| client_secret | Required | The app secret value from Accela Developer Portal > My Apps. |
| grant_type | Required | The grant type of the current request. The value must be set to "refresh_token". |
| refresh_token | Required | The refresh token value obtained in the prior access token API request. |

HTTP Response:
HTTP content type: application/json
Response Data:
| Parameter | Type | Description |
|---|---|---|
| access_token | Required | The user access token. |
| token_type | Required | The type of the issued token. It contains the fixed value "bearer" for current grant type. |
| expires_in | Required | The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. |
| refresh_token | Required | The refresh token that can be used to obtain a new access token. |
| scope | Optional | The scope of the resources authenticated by the authorization server. |
| state | Optional/Required | The exact value received from the client. Required if the "state" parameter was present in the client authorization request. |

| Parameter | Type | Description |
|---|---|---|
| error | Required | The error code. Refer here for details. |
| error_description | Optional | The error description text. |
| error_uri | Optional | The URI of web page with more information about the error. |
| state | Optional/Required | The exact state value received from the client request. Required if "state" parameter was present in the client authorization request. |
Note: The line breaks shown below in URLs are only there for readability. Delete the line breaks for your actual use.
URL: https://auth.accela.com/oauth2/token
HTTP Method: POST
HTTP Header: Content-Type: application/x-www-form-urlencoded
HTTP Body:
grant_type=refresh_token
&client_id=634922733084115102
&client_secret=abb1e0eca03e4ccaaf9b67955c48c01c
&refresh_token={refresh token}
HTTP Body:
{
  "access_token": "{access token}",
  "token_type": "bearer",
  "expires_in": "28800",
  "refresh_token": "{refresh token}",
  "scope": "get_records"
}
- Validate the token.
It may be necessary to validate or get information about a token from the Accela Auth server to check whether it is the token requested by your client and generated for your client. To validate and match token information with the information used to request the access token, call the token validation API:
  - HTTP Request URI: https://auth.accela.com/oauth2/tokeninfo
  - HTTP method: GET
  - HTTP headers: Authorization: {access token}
Response Data
| Parameter | Description |
|---|---|
| appId | The app ID value from Accela Developer Portal. This value is passed in your access token request. |
| userId | The logged in user's unique id. |
| agencyName | The agency name defined in the Accela Administrator Portal. The agency name is passed by client request or chosen by the end-user during access token request flow. |
| environment | The Accela environment name, such as "PROD" and "TEST". The environment is passed by client request or chosen by the end-user during access token request flow. |
| scopes | The scopes of the resources that the client requests. |
| expiresIn | The lifetime in seconds of the access token. |

Request Sample
URL: https://auth.accela.com/oauth2/tokeninfo
HTTP Method: GET
HTTP Header: Authorization: {access token}

Response Sample
{
  "appId": "123450949800276721",
  "userId": "63e79004",
  "agencyName": "myAgency",
  "environment": "DEV",
  "scopes": [
    "addresses",
    "agencies",
    "get_civicid_profile",
    "records",
    "settings"
  ],
  "expiresIn": 85158
}
Error Response Sample
If the token has expired or has been invalidated, the Accela Auth server returns an error with a 400 status, as shown below:
{
  "status": 400,
  "code": "invalid_token",
  "message": "Invalid token.",
  "traceId": "140530084954807-61409b20"
}
- Invoke APIs using the access token
After getting an access token, assign the value of the token to the "Authorization" header to invoke APIs.
Sample Request:
URL: https://apis.accela.com/v4/records
HTTP Method: GET
HTTP Headers:
Content-Type: application/json
Accept: application/json
x-accela-appid: 634922733084115102
Authorization: {access token}
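The following is an added example, not Accela's code, that works through the token, refresh and validation steps offline. It builds the token request for the "password" and "refresh_token" grants using the required-parameter rules from the tables above, parses the token response, and checks a tokeninfo response against what the client expects. The function names and the app_type argument are assumptions made for illustration, and nothing is sent over the network.

```python
import json
import time
import urllib.parse
import urllib.request

AUTH = "https://auth.accela.com/oauth2"


def token_request(params, app_type="citizen"):
    """Build the POST for grant_type "password" or "refresh_token"."""
    grant = params.get("grant_type")
    if grant == "password":
        required = ["client_id", "client_secret", "username", "password",
                    "scope", "environment"]
        if app_type == "agency":  # agency_name is optional only for citizen apps
            required.append("agency_name")
    elif grant == "refresh_token":
        required = ["client_id", "client_secret", "refresh_token"]
    else:  # also rejects "password " with a stray space
        raise ValueError(f"unsupported grant_type {grant!r}")
    missing = [k for k in required if not params.get(k)]
    if missing:
        raise ValueError(f"missing required parameters: {missing}")
    # Credentials travel in the form-encoded body, never in the URL.
    return urllib.request.Request(
        AUTH + "/token", data=urllib.parse.urlencode(params).encode("ascii"),
        method="POST", headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, now=None):
    """Return the token fields plus an absolute expiry; raise on an error payload."""
    data = json.loads(raw)
    if "error" in data:
        raise RuntimeError(f"{data['error']}: {data.get('error_description', '')}")
    now = time.time() if now is None else now
    data["expires_at"] = now + int(data["expires_in"])  # sample sends "28800" as a string
    return data


def tokeninfo_problems(raw, app_id, agency_name, environment, needed_scopes):
    """Return reasons to reject a token, given the tokeninfo response body."""
    info = json.loads(raw)
    if info.get("code") == "invalid_token":
        return ["auth server reports the token as expired or invalidated"]
    expected = {"appId": app_id, "agencyName": agency_name, "environment": environment}
    problems = [f"{k} is {info.get(k)!r}, expected {v!r}"
                for k, v in expected.items() if info.get(k) != v]
    missing = sorted(set(needed_scopes) - set(info.get("scopes", [])))
    return problems + (["missing scopes: " + ", ".join(missing)] if missing else [])
```

An empty list from tokeninfo_problems means the token belongs to the expected app, agency and environment and carries the scopes the caller needs.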