Get an Access Token

You submit a POST request to the /token endpoint to obtain the access token that you must use in every API request.

1. POST to {{url}}/token, where url resolves to www.company.deltek.com/company/api. For example:

   curl -X POST \
     https://{{url}}/token \
     -H 'content-type: application/x-www-form-urlencoded' \
     -d 'Username={{username}}&Password={{password}}&grant_type=password&Integrated={{integrated}}&database={{database}}&Client_Id={{client_id}}&client_secret={{client_secret}}'
   

   In the body of the request, pass the following information:

   • Username: Your Deltek user name
   • Password: The password associated with the user name
   • Grant_type: “password”
   • Integrated: “Y” if you use Windows Authentication or Windows Azure Active Directory Authentication, otherwise “N”
   • Database: The name of the database to log into
   • Client_Id: The client ID that you obtained in the browser application at Utilities > Integrations > API Authorization
   • Client_secret: The client secret that you obtained in the browser application at Utilities > Integrations > API Authorization
   The API returns the access_token in the body of the response. The following is a JSON example (the example token is truncated for display, actual tokens are much longer):

   {
       "access_token": "5mjIqBC2yjuGPI3frcV3AeMcE4wNN3ZXZ7zE3xF1tCWhidKIMZiH71wPeAWZ50ojQ",
       "token_type": "bearer",
       "expires_in": 1799,
       "refresh_token": "N3h/5UvLUL/LAP5/QcC8+B+vfOS3IE="
   }

2. In the body of the response, these fields return:
   • access_token: The unique credential that provides specific permission to use the API.
   • token_type: The token type represents how the access token will be generated.
   • expires_in: This value is the number of seconds until the access token expires. The expires_in field is a running countdown.
   • refresh_token: The unique credential that allows a client to get a new access token.