SAP Sponsorships Engine Security Webservices API

URL: /api/restsecurity/access_token


Obtains a bearer access token that can be used to authenticate the subject making this request during future requests. All bearer access tokens for this subject that have been obtained earlier are invalidated by this request. The subject can be authenticated by means of a session ID given as the value for the JSESSIONID cookie. Alternatively, the subject can be authenticated using the username and password POST parameters. Subject authentication may also work by providing a bearer access token as obtained by an earlier call to this service end point. The bearer token has to be provided as an HTTP request header field "Authorization: Bearer <bearer-token>" Lastly, basic authentication can be used where technically the username and password are provided as base64-encoded string in the "Authorization:" header field like this: "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==". Most REST clients use shorthand URL notations with ":" and "@" to denote basic authentication, with these URL elements not being logged.

Request Method: GET/POST
Output format: JSON document of the following format
Mandatory parameters: None
Using the session ID in a session cookie:
curl -D /tmp/header -b JSESSIONID=5e94c93e-b515-4bcd-8df8-0c786805a9e0
Using POST username and password form parameters:
curl -d "username=admin&password=admin" -D /tmp/header
Using a bearer access token:
curl -D /tmp/header -H "Authorization: Bearer MVPg/uCV1QGqMDmDtUuOQBrSrB1NlIldm0LW+dnxZ2A="
Using basic authentication:
curl -D /tmp/header http://admin:admin@