Authorization Rules

Yeastar Workplace API utilizes OAuth 2.0 for authorization, granting third-party applications access to resources on Yeastar Workplace through secure tokens, eliminating the need for user credentials. This topic explains the authorization process and the token validity period.

Authorization process

The process that a third-party application accesses the Yeastar Workplace API using OAuth2.0 is shown below.

1. Third-party application uses the credentials (Client ID and Client Secret) obtained from Yeastar Workplace admin portal to request an access token, which is required for the application to access Yeastar Workplace API.
2. Yeastar Workplace validates the credentials, and sends an access token along with a refresh token.
3. Third-party application calls the Yeastar Workplace API by passing the access token either in an Authorization HTTP header Bearer value or in an access_token query parameter.
4. Upon receiving the request, Yeastar Workplace authenticates the access token and returns a response, providing the information requested by the API call.
5. Access token expires 24 hours after it is issued, you need to refresh the access token before it expires.

Token validity period

Both the access token and refresh token are valid for 24 hours.