Ctrl+K

Retrieve a token

Retrieve a token#

Deprecated

This endpoint is deprecated and may be removed in a future release.

This endpoint was deprecated on 2026-02-12.

It is scheduled for sunset on 2029-01-31.

Description#

Include the client_id and client_secret in the body of the request as form encoded parameters. For example, the body of the request would be grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>. The client can optionally specify a scope parameter to limit the scope of the returned access token. In turn, the server uses a scope response parameter to inform the client of the scope of the actual access token issued. The actual scope returned may not match the scope requested. Subsequent requests to Workiva APIs are authorized using the bearer token.

POST /iam/v1/oauth2/token

Parameters#

Parameter

In

Type

Required

Description

X-Version

header

string

false

Version of the API (2022-01-01)

client_id

body

string

false

A previously obtained client id.

client_secret

body

string

false

A previously obtained client secret.

grant_type

body

string

true

The grant type for the Bearer token. Must be client_credentials.

scope

body

string

false

The scope of the access request.

Enumerated Values#

Parameter

Value

grant_type

client_credentials

Body parameter example#

client_id: string
client_secret: string
grant_type: client_credentials
scope: string

Code Samples#

curl -X POST https://api.app.wdesk.com/iam/v1/oauth2/token \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -H 'Accept: application/json' \
    -H 'X-Version: 2022-01-01'

http POST https://api.app.wdesk.com/iam/v1/oauth2/token \
    X-Version:2022-01-01 \
    Content-Type:application/x-www-form-urlencoded \
    Accept:application/json

wget --method=POST "https://api.app.wdesk.com/iam/v1/oauth2/token" \
    --output-document -  \ 
    --header 'Content-Type: application/x-www-form-urlencoded' \ 
    --header 'Accept: application/json' \
    --header 'X-Version: 2022-01-01'

import requests

headers = {
  'X-Version': '2022-01-01',
  'Content-Type': 'application/x-www-form-urlencoded',
  'Accept': 'application/json'
}

r = requests.post('https://api.app.wdesk.com/iam/v1/oauth2/token', headers = headers)

print(r.json())

Returns#

200 - OK#

Bearer token to use in subsequent requests to the Workiva APIs.

400 - Bad Request#

Error response object containing an error code.

401 - Unauthorized#

Error response object containing an error code.

Example Responses#

{
  "access_token": "string",
  "expires_in": 0,
  "scope": "string",
  "token_type": "string"
}