Authorization Rule

Yeastar P-Series PBX System API uses the OAuth 2.0 protocol for authentication and authorization. This topic introduces the authorization process and the token expiration time.

Authorization process

The process that a third-party application accesses the Yeastar P-Series PBX System API using OAuth 2.0 is shown below.

  1. Third-party application authenticates with credentials to request an access token.

    After an application obtains credentials ( Client ID and Client Secret) from the PBX web portal (Path: Integrations > API), the application sends the credentials to request an access token.

  2. PBX provides an access token.

    The PBX validates the Client ID and Client Secret, and responds with an access token.

  3. Third-party application uses the access token to call an API.

    The third-party application sends API requests carrying the obtained access token to make authenticated API calls.

  4. PBX provides requested resources.

    The PBX authenticates the access token and returns the requested data.

  5. Refresh the access token if necessary.

    The access token expires after 30 minutes. You can refresh access token to obtain a new access token for API calls.

Token expiration

The access token expires after 30 minutes, and the refresh token expires after 24 hours. The third-party application can use Refresh Access Token to update the tokens, or use the Get Access Token to request new access token and refresh token.