post https://api.sumsub.com/resources/snsId/api/connect/token
Overview
Use this method to obtain a Sumsub ID Connect access token, which is required to get a Sumsub ID share token and continue with Sumsub ID Connect.
Note
To integrate with Sumsub ID Connect, contact Sumsub support to enable Sumsub ID for your client-key (
clientId).
Supported scopes
The following table describes the supported scope values—permissions that grant access to specific actions within Sumsub ID Connect—used in the request.
| Scope | Description |
|---|---|
openid | Returns the ID token (id_token). Required by OpenID Connect (OIDC). |
profile | Grants access to the user’s basic profile information. |
email | Grants access to the user’s email address. |
name | Grants access to the user’s name information. |
share | Grants permission to generate a Sumsub ID Share token. |
offline_access | Grants permission to obtain a refresh_token. |
Request examples
// When `grant_type` is `authorization_code`.
curl -X POST \
'https://api.sumsub.com/resources/snsId/api/connect/token' \
-H "Content-Type: application/json" \
-d '{
"grant_type": "authorization_code",
"code": "NLEeKUAjScy0CgIq7AbnB_bCB7Ro226BpLCstiNLqZs=",
"codeVerifier": "123456"
}'
// When `grant_type` is `refresh_token`.
curl -X POST \
'https://api.sumsub.com/resources/snsId/api/connect/token' \
-H "Content-Type: application/json" \
-d '{
"grant_type": "refresh_token",
"codeVerifier": "123456",
"refresh_token": "snd-id-con-r-YtQ9-X9taNbYgAXpeAYnp_IzF6pIHrV8qJX8pt_mMxkRrmvYGTyufdREWkOP_",
"scope": "share name profile"
}'
Response explained
In the response, you will get a new Sumsub ID connect access token.
The following fields are returned:
| Field | Type | Optional | Description |
|---|---|---|---|
access_token | String | No | Sumsub ID Connect access token that is required to get a Sumsub ID share token . |
refresh_token | String | Yes | Refresh token that can be used in the the next Sumsub ID Connect token request. ⓘ Returned if this is the first request where grant_type is authorization_code and the scope parameter includes offline_access. |
token_type | String | No | Always Bearer. |
expires_in | Integer | No | Lifespan of the generated access_token in seconds (24 hours). |
id_token | String | Yes | OpenID token; a JSON Web Token (JWT) containing information about the authenticated user. ⓘ Returned if the scope parameter in the request includes openid. |
Response examples
If the request is successfully sent and processed, you will get a response like one of those below.
// When the Sumsub ID Connect token is requested via `authorization_code` with the `scope` parameter including `openid` and `offline_access`.
{
"access_token" : "snd-id-con-a-WRT7FRBRfdejpsDR8a_cYeX9BU32QP_I_Hyc93saZcg5965PfGzrHGDEdrTRseop",
"refresh_token" : "snd-id-con-r-YtQ9-X9taNbYgAXpeAYnp_IzF6pIHrV8qJX8pt_mMxkRrmvYGTyufdREWkOP_",
"token_type" : "Bearer",
"expires_in" : 86400,
"id_token" : "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3OCIsIm5hbWUiOiJKb2huIERvZSJ9.hqkYfLq4pMJyY0HnLxD2kWZ4RyY5L7bB4gkDfnZpQvY"
}
// When the Sumsub ID Connect token is requested via `refresh_token`.
{
"access_token" : "snd-id-con-a-WRT7FRBRfdejpsDR8a_cYeX9BU32QP_I_Hyc93saZcg5965PfGzrHGDEdrTRseop",
"token_type" : "Bearer",
"expires_in" : 86400
}
If the request fails, you will receive an HTTP response containing an error code along with a message explaining the error. For example:
// Sumsub ID is not enabled for your client-key.
{
"code": 404,
"correlationId": "bc3cf3b178723bf584b4418943fcf791",
"description": "Invalid clientId: client_id"
}
// Invalid authorization code is submitted in the request.
{
"code" : 401,
"correlationId": "rt8hje75144d53a5a49ccb58967gdTop",
"description" : "Invalid code"
}