Getting a "Lock Holder admin" scope Access Token

Lock Holder Admin Scope

The scope property can receive an array of lockHolder.admin:[lockHolderId] scope strings. The returned Access Token will provide access to all of the requested scopes. Here's an example request:

curl --location --request POST '<<api_url>>/auth/v1/token/' \
--header 'Content-Type: application/json' \
--data '{
    "grant_type": "client_credentials",
    "client_id": "**Your Client ID**",
    "client_secret": "**Your Client Secret**"

The response will have the following structure:

    "access_token": "mV4cI6MTY1NDAzMjI3N3IiXX0m2hU91eGGWP.muTmF5eUiOiJSb2N0c0bkwVwnwcetb",
    "token_type": "bearer",
    "expires_in": 3600,
    "lock_holder_ids": [
    "scope": [

Using the Access Token

Unloc's Integrator API endpoints will validate for the presence of an Authorization header containing the value Bearer followed by a space and then the access_token received in the Token request. Here's an example:

Authorization: Bearer mV4cI6MTY1NDAzMjI3N3IiXX0m2hU91eGGWP.muTmF5eUiOiJSb2N0c0bkwVwnwcetb

Use this header when making requests to the Integrator API.

Refreshing the Token

When the token expires, you get an error response with the code 401 and the following response body:

    "error": "JsonWebTokenError",
    "errorDescription": "JWT expired"

You can catch this response and make a new request to the Auth endpoint in order to get a new Access Token and update your Bearer token on the Authorization header.

You can also calculate the expiration date/time of the Access Token by taking into account the expires_in property of the Token response to preemptively request a new Token when the lifetime of the current one is about to expire.

Did this page help you?