Generate an API Access Token

Any calls to the API require an access token to authenticate the access key and authorize the request. After generating the API Access Token, you can then make Documents API calls.

To generate an access token, send a standard HTTP POST request including the required header and body parameters to your Passportal server's API token endpoint "/api/v2/auth/client_token". Where successful this request returns the access token, its expiration date and time (Linux) along with the refresh token. For information on the <Base_URL> please review API Information.

POST: <Base_URL>/api/v2/auth/client_token


Variable Description Type Required In
x-key API Access Key ID String Yes Header
x-hash Hashed secret key String Yes Header
content-type Request method, "application/json" String Yes Header
scope Point to "docs-api" String Yes Body
content Plain text message used to compute the hash, in our example "api-content-hash" String Yes Body

Request Format


curl --location --request POST 'https://<SERVER>/api/v2/auth/client_token' \
--header 'x-key: <your_API_Access_Key_ID>' \
--header 'x-hash: <HMAC_Token>' \
--header 'content-type: application/json' \
--data-raw '{
"scope": "docs_api",
"content": "<Text_To_Compute_The_Hash>"


Key Value
x-key <your_API_Access_Key_ID>
x-hash <HMAC_Token>
content application/json
Body (raw | JSON)
"scope": "docs_api",
"content": "<Text_To_Compute_The_Hash>"

Response Format

  "success": true,
  "access_token": "string",
  "refresh_token": "string",
  "expiry_time": "string" 

Sample Response

  "success": true,
  "access_token": "eyJ0eXiJIU.eyJpYXij2DygOEMwWaVjiGtyjGlnQtY.cSdAGdlByK1tm6PEa5g",
  "refresh_token": "ada74ba74e1e45af52bfb77e8d189e078",
  "expiry_time": 1634808171