logo
API Reference
SDKs and Tools
Changelog
Integrations
Create Sandbox
No results found.
Docs
Getting started
API Reference
Generate access token
Verify access token
Webhooks 1.0

OAuth 2

The signNow API relies on OAuth 2.0 protocol for authorization. During the authorization flow every user should obtain a token for each application. The Basic Authorization token is generated automatically for the Test app in your account and every other app you upload. It’s available in your Sandbox account on the API Dashboard.

In order to request a Bearer token, users should make a call to POST /oauth2/token.

All requests must include an access token in the Authorization Header. POST requests for creating a user or requesting an access token must include the client credentials and a Basic Authorization token.

Only integers are recognized as numeric values. signNow supports several grant types: authorization_code, refresh_token, and password.

The most commonly used authorization flow is creating access from a third-party application via grant type authorization_code. Grant type password is used for application owner’s accounts. They, in turn, provide access to signNow resources via three-legged OAuth using authorization_code.

Related article: Authentication

Endpoints 
                
                  
                       POST
                     /oauth2/token
                  
                
              
                
                  
                        GET
                     /oauth2/token

Generate access token

Creates an access token for a user.

Parameters
  • grant_type required
    Can be authorization_code, refresh_token, password. See more: Authentication
  • scope optional
    Specifies what access this user gets. Default value “*” - all endpoints are available.
  • code required for grant type: authorization_code
    Authorization code that allows third-party applications to provide access to signNow. See more: How to obtain an authorization code
  • username required if grant type: password
    User's email address.
  • password required if grant type: password
    User's password.
  • refresh_token required if grant_type: refresh_token
    The token that refreshes the user's access.
  • expiration_time optional
    The amount of time till the token expires in seconds.
Returns

Returns the Bearer-type token according to the requested grant type. Returns an error when:

  • “invalid_client” - incorrect basic auth token
  • “invalid_request” - request without a required parameter
  • “invalid_scope” - invalid scope
  • “Invalid credentials.” - either incorrect password or non-existing email provided
POST /oauth2/token 
                  
                    curl 
                    -X POST
                     \
                  
                
                  
                    https://api-eval.signnow.com/oauth2/token
                     \
                  
                
                  
                    -H
                     'Authorization:
                     Basic 'Authorization: Basic {{basic_authorization_token}}'
                     \
                  
                
                  
                    -H
                     'content-type:
                     multipart/form-data;'
                     \
                  
                
                  
                    -F
                     'grant_type=
                    authorization_code'\
                     \
                  
                
                  
                    -F
                     'scope=
                    *'
                  
                
                  
                    -F
                     'code=
                    {{authorization_code}}'\
                     \
Response 
                    {
                  
                      "expires_in": 2592000,
                  
                      "token_type": "bearer",
                  
                      "access_token": "7cfe4b0fecbfaa0b4781c30262f0bf3f68b9b6ca5d11270fd83a091e968042d9",
                  
                      "refresh_token": "59889bcbced82d5c2ba1bc7d0f634f30521e3d47b7f96221a2d8618a30175a16",
                  
                     "scope": "*",
                 
                     "last_login": 1
                 
                   }

Verify access token

Verifies an access token for a user.

    No parameters required.
Returns

Returns the access_token itself, its type, scope, and expiration date. Returns error when either incorrect or expired token is provided in the header.

GET /oauth2/token 
                  
                    curl 
                    -X GET
                     \
                  
                
                  
                      https://api-eval.signnow.com/oauth2/token
                     \
                  
                
                  
                    -H
                     'Authorization:
                     Bearer {{token}}'
                     \
                  
                
                  
                    -H
                     'Content-Type:
                     application/json'
Response 
                    {
                  
                      "access_token": "8d83aed6d902c396e2a45d73eb0f5e41cfa11caa726e621247dc15c46d5fb112", 
                  
                      "scope": "*", 
                  
                      "expires_in": "2517898", 
                  
                      "token_type": "bearer"
                  
                    }