OAuth 2

The signNow API relies on OAuth 2.0 protocol for authorization. During the authorization flow every user should obtain a token for each application. The Basic Authorization token is generated automatically for the Test app in your account and every other app you upload. It’s available in your Sandbox account on the API Dashboard.

In order to request a Bearer token, users should make a call to POST /oauth2/token.

All requests must include an access token in the Authorization Header. POST requests for creating a user or requesting an access token must include the client credentials and a Basic Authorization token.

Only integers are recognized as numeric values. signNow supports several grant types: authorization_code, password, and refresh_token.

The most commonly used authorization flow is creating access from a third-party application via grant type authorization_code. Grant type password is used for application owner’s accounts. They, in turn, provide access to signNow resources via three-legged OAuth using authorization_code.

Related article: Authentication

Generate access token

Creates an access token for a user.

Parameters
  • username required if grant type: password
    User's email address.
  • password required if grant type: password
    User's password.
  • grant_type required
    Can be password, refresh_token, authorization_code.
  • scope optional
    Specifies what access this user gets. Default value “*” - all endpoints are available.
  • refresh_token required if grant_type: refresh_token
    The token that refreshes the user's access.
  • code required if grant type: authorization_code
    Authorization code that allows third-party applications to provide access to signNow.
  • expiration_time optional
    The amount of time till the token expires in seconds.
Returns

Returns the Bearer-type token according to the requested grant type. Returns an error when:

  • “invalid_client” - incorrect basic auth token
  • “invalid_request” - request without a required parameter
  • “invalid_scope” - invalid scope
  • “Invalid credentials.” - either incorrect password or non-existing email provided
POST /oauth2/token
                  
                    curl 
                    -X POST
                     \
                  
                
                  
                    https://api-eval.signnow.com/oauth2/token
                     \
                  
                
                  
                    -H
                     'Authorization:
                     Basic 'Authorization: Basic {{basic_authorization_token}}'
                     \
                  
                
                  
                    -H
                     'content-type:
                     multipart/form-data;'
                     \
                  
                
                  
                    -F
                     'username=
                    user@email.com'
                     \
                  
                
                  
                    -F
                     'password=
                    {{password}}'
                     \
                  
                
                  
                    -F
                     'grant_type=
                    password'\
                     \
                  
                
                  
                    -F
                     'scope=
                    *'
                  
                
Response
                    {
                  
                      "expires_in": 2592000,
                  
                      "token_type": "bearer",
                  
                      "access_token": "7cfe4b0fecbfaa0b4781c30262f0bf3f68b9b6ca5d11270fd83a091e968042d9",
                  
                      "refresh_token": "59889bcbced82d5c2ba1bc7d0f634f30521e3d47b7f96221a2d8618a30175a16",
                  
                     "scope": "*",
                 
                     "last_login": 1
                 
                   }
                 

Verify access token

Verifies an access token for a user.

    No parameters required.
Returns

Returns the access_token itself, its type, scope, and expiration date. Returns error when either incorrect or expired token is provided in the header.

GET /oauth2/token
                  
                    curl 
                    -X GET
                     \
                  
                
                  
                      https://api-eval.signnow.com/oauth2/token
                     \
                  
                
                  
                    -H
                     'Authorization:
                     Basic {{basic}}'
                     \
                  
                
                  
                    -H
                     'Content-Type:
                     application/json' 
                  
                
Response
                    {
                  
                      "access_token": "8d83aed6d902c396e2a45d73eb0f5e41cfa11caa726e621247dc15c46d5fb112", 
                  
                      "scope": "*", 
                  
                      "expires_in": "2517898", 
                  
                      "token_type": "bearer"
                  
                    }