Starting with meshIQ Platform 12.0, all REST API authentication is OIDC-compliant. An access token generated from one REST API endpoint can now be used across other meshIQ REST API endpoints, including:
meshIQ Service (Domain) REST API
Permits REST API
WGS REST API
1. Generating an Access Token
You can generate an access token using the new authentication API:
HTTP POST request to:
{REST_SERVER}/auth/v2/oidc/tokenwith grant_type=password.
Required Parameters
client_id – Client (issuer) making the request (e.g., application identifier)
grant_type – Use
passwordusername – Username (can be set via Authorization header Basic base64(username:password))
password – Password (can be set via Authorization header Basic base64(username:password))
scope – Use
offline_accessto also generate a refresh token
Example Request 1 (username/password in request body)
curl -X 'POST' \
'http://localhost:8018/auth/v2/oidc/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=TestAPP&grant_type=password&username={username}&password={password}&scope=offline_access'Example Request 2 (username/password in Basic Authorization header)
curl -X 'POST' \
'http://localhost:8018/auth/v2/oidc/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic {base64(username:password)}' \
-d 'client_id=TestAPP&grant_type=password&scope=offline_access'Sample Response
{
"scope": "offline_access",
"access_token": "eyJraWQiOiJkZWYiLCJhbGciOiJSUzI1NiJ9...",
"token_type": "Bearer",
"expires_in": 1801,
"refresh_token": "45b63ec5-07d7-4ec8-8f01-fdaf042d1e86...",
"id_token": "eyJraWQiOiJkZWYiLCJhbGciOiJSUzI1NiJ9..."
}Response Parameter Details
scope – Scope of the access token
access_token – The JWT access token used for REST API calls
token_type – Usually
Bearerexpires_in – Time (in seconds) until the token expires
refresh_token – Token for generating a new access token without re-authentication (when using
offline_accessscope)id_token – Identity token containing user identity claims
2. Using the Access Token
Once you have an access token, include it in your REST API calls as a Bearer token in the Authorization header.
Example API Call
curl -X 'GET' \
'http://localhost:8018/domain/v1/nodes' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {access_token}'3. Refreshing an Expired Access Token
When your access token expires, you can request a new one using the refresh token.
HTTP POST request to:
{REST_SERVER}/auth/v2/oidc/tokenwith grant_type=refresh_token.
Required Parameters
client_id – Client (issuer) making the request (e.g., application identifier)
grant_type – Use
refresh_tokenrefresh_token – The refresh token obtained from the initial authentication
scope – Use
offline_accessto continue receiving refresh tokens
Example Refresh Request
curl -X 'POST' \ 'http://localhost:8018/auth/v2/oidc/token' \ -H 'accept: application/json' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'client_id=TestAPP&grant_type=refresh_token&refresh_token=45b63ec5-07d7-4ec8-8f01-fdaf042d1e86...&scope=offline_access'
Sample Refresh Response
{
"scope": "offline_access",
"access_token": "eyJraWQiOiJkZWYiLCJhbGciOiJSUzI1NiJ9...",
"token_type": "Bearer",
"expires_in": 1801,
"refresh_token": "45b63ec5-07d7-4ec8-8f01-fdaf042d1e86...",
"id_token": "eyJraWQiOiJkZWYiLCJhbGciOiJSUzI1NiJ9..."
}