Get Sumsub ID Connect token

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…

Overview

Use this method to obtain a Sumsub ID Connect access token, which is required to get a Sumsub ID share token and continue with Sumsub ID Connect.

📘

Note

To integrate with Sumsub ID Connect, contact Sumsub support to enable Sumsub ID for your client-key (clientId).

Request examples

// When `grant_type` is `authorization_code`.

curl -X POST \
  'https://api.sumsub.com/resources/snsId/api/connect/token' \
  -H "Content-Type: application/json" \
  -H 'X-App-Token: <your-app-token>' \
  -H 'X-App-Access-Sig: <your-signature>' \
  -H 'X-App-Access-Ts: <unix-timestamp>' \
  -d '{
        "grant_type": "authorization_code",
        "code": "NLEeKUAjScy0CgIq7AbnB_bCB7Ro226BpLCstiNLqZs=",
        "codeVerifier": "123456"
      }'
// When `grant_type` is `refresh_token`.

curl -X POST \
  'https://api.sumsub.com/resources/snsId/api/connect/token' \
  -H "Content-Type: application/json" \
  -H 'X-App-Token: <your-app-token>' \
  -H 'X-App-Access-Sig: <your-signature>' \
  -H 'X-App-Access-Ts: <unix-timestamp>' \
  -d '{
        "grant_type": "refresh_token",
        "codeVerifier": "123456",
        "refresh_token": "snd-id-con-r-YtQ9-X9taNbYgAXpeAYnp_IzF6pIHrV8qJX8pt_mMxkRrmvYGTyufdREWkOP_",
        "scope": "share name profile"
      }'

Response explained

In the response, you will get a new Sumsub ID connect access token.

The following fields are returned:

FieldTypeOptionalDescription
access_tokenStringNoSumsub ID Connect access token that is required to get a Sumsub ID share token .
refresh_tokenStringYes

Refresh token that can be used in the the next Sumsub ID Connect token request.

ⓘ Returned if this is the first request where grant_type is authorization_code and the scope parameter includes offline_access.

token_typeStringNoAlways Bearer.
expires_inIntegerNoLifespan of the generated access_token in seconds (24 hours).
id_tokenStringYes

OpenID token; a JSON Web Token (JWT) containing information about the authenticated user.

ⓘ Returned if the scope parameter in the request includes openid.

Response examples

If the request is successfully sent and processed, you will get a response like one of those below.

// When the Sumsub ID Connect token is requested via `authorization_code` with the `scope` parameter including `openid` and `offline_access`.

{
  "access_token" : "snd-id-con-a-WRT7FRBRfdejpsDR8a_cYeX9BU32QP_I_Hyc93saZcg5965PfGzrHGDEdrTRseop",
  "refresh_token" : "snd-id-con-r-YtQ9-X9taNbYgAXpeAYnp_IzF6pIHrV8qJX8pt_mMxkRrmvYGTyufdREWkOP_",
  "token_type" : "Bearer",
  "expires_in" : 86400,
  "id_token" : "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3OCIsIm5hbWUiOiJKb2huIERvZSJ9.hqkYfLq4pMJyY0HnLxD2kWZ4RyY5L7bB4gkDfnZpQvY"
}
// When the Sumsub ID Connect token is requested via `refresh_token`.

{
  "access_token" : "snd-id-con-a-WRT7FRBRfdejpsDR8a_cYeX9BU32QP_I_Hyc93saZcg5965PfGzrHGDEdrTRseop",
  "token_type" : "Bearer",
  "expires_in" : 86400
}

If the request fails, you will receive an HTTP response containing an error code along with a message explaining the error. For example:

// Sumsub ID is not enabled for your client-key.

{
  "code": 404,
  "correlationId": "bc3cf3b178723bf584b4418943fcf791",
  "description": "Invalid clientId: client_id"
}
// Invalid authorization code is submitted in the request.

{
  "code" : 401,
  "correlationId": "rt8hje75144d53a5a49ccb58967gdTop",
  "description" : "Invalid code"
}

Body Params
string
enum
required

Type of authorization being used in the request. Must be one of the following:

  • authorization_code — when exchanging a short-lived authorization code received on the frontend after the user successfully authorizes with Sumsub ID.
  • refresh_token — when exchanging a refresh token obtained from a previous call to this endpoint.

Allowed:
string

Authorization code received on the frontend after the user successfully authorizes with Sumsub ID.

⚠️ Required if the grant_type parameter is authorization_code.

string

Verification code that is sent to the user email address and is used in the Sumusb ID Connect authorization.

string

Refresh token received from the previous call to this endpoint.

⚠️ Required if the grant_type parameter is refresh_token.

string

Requested token permissions (openid, share, profile, offline_access, email, name). You can include one, several, or all of them, separated by spaces, in the request.
Refer to this table for more details.

⚠️ You cannot request additional or different scope values than those originally granted when obtaining the authorization code or refresh token.

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here!