Skip to main content

Get an access token

The GraphQL API uses OAuth 2.0 to authorize applications. Applications must request an access token using the Client Credentials flow using the Client ID and Client Secret for your API key (see Creating an API key).

Requests an access token

To request an access token send a POST request as follows (line breaks have been added between parameters to make them easier to read):

POST /af805de0-eb0e-40f3-b26e-300d592d9be7/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com:443
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&scope=https%3A%2F%2Feventsairtest.onmicrosoft.com%2F376bc93e-8297-4842-921b-d0e49d382d59%2F.default
&client_id={{YOUR_CLIENT_ID}}
&client_secret={{YOUR_CLIENT_SECRET}}

The following table describes the parameters required when requesting an access token:

ParameterValue
grant_typeMust be set to client_credentials
scopeMust be set to https://eventsairtest.onmicrosoft.com/376bc93e-8297-4842-921b-d0e49d382d59/.default
client_idMust be set to the value of the Client ID issued to you for your application
client_secretMust be set to the value of the Client Secret issued to you for your application
tip

For development and testing, Postman makes it easy to configure these settings and generate an authorization token. See Authorizing requests in the Postman documentation.

Access token lifetime

The access token is valid for 60 minutes. You will need to retrieve a new authentication token following the above steps if your token has expired.