OAuth Token

Generates an OAuth access token, refresh token, or performs authentication based on the provided grant_type. This endpoint supports multiple authentication flows such as password login, MFA, social login, authorization code, biometric login, and client credentials.

API Endpoint

Property	Value
Request Method	`POST`
Request URL	`https://api.seliseblocks.com/authentication/v1/OAuth/Token`
Content-Type	`multipart/form-data`

Request

Request Headers

Field	Type	Required	Description
x-blocks-key	string	Yes	Your project key from SELISE Blocks.
Content-Type	string	Yes	Must be `multipart/form-data`.
accept	string	No	Response format (e.g., `text/plain`).

Request Body Parameters

Field	Type	Required	Description
grant_type	string	Yes	Determines which authentication flow is used. See Grant Types section.
code	string	Conditional	Authorization / MFA / social login code. Required based on grant type.
redirect_uri	string	No	Redirect URI used for authorization flows.
username	string	Conditional	Username for password login. Required for `password` grant type.
password	string	Conditional	Password for password login. Required for `password` grant type.
scope	string	No	OAuth scope.
remember_me	boolean	No	Whether the session should be long-lived.
refresh_token	string	Conditional	Refresh token for token refresh. Required for `refresh_token` grant type.
mfa_id	string	Conditional	MFA session ID. Required for `mfa_code` grant type.
mfa_type	int32	Conditional	MFA type (1 = TOTP, 2 = Email). Required for `mfa_code` grant type.
state	string	Conditional	State parameter used for social login. Required for `social` grant type.
biometric_id	string	Conditional	Biometric user identifier. Required for `biometric_authorization` grant type.
biometric_key	string	Conditional	Biometric key/signature. Required for `biometric_authorization` grant type.
client_id	string	Conditional	OAuth client identifier. Required for `client_credential`, `client_user_code`, and `authorization_code` grant types.
client_secret	string	Conditional	OAuth client secret. Required for `client_credential` and `authorization_code` grant types.
user_code	string	Conditional	User verification code in device flow. Required for `client_user_code` grant type.

Grant Types

The following grant types are supported, each with specific required fields:

1. Password Grant (`password`)

Required fields: username, password

Used for standard username/password authentication.

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=password' \
  -F 'username=user@example.com' \
  -F 'password=SecurePass123'

2. MFA Code Grant (`mfa_code`)

Required fields: code, mfa_id, mfa_type

Used to complete multi-factor authentication after initial login.

MFA Types:

1 = TOTP (Time-based One-Time Password)
2 = Email

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=mfa_code' \
  -F 'code=YOUR_CODE' \
  -F 'mfa_id=YOUR_MFA_ID' \
  -F 'mfa_type=1'

3. Social Login Grant (`social`)

Required fields: code, state

Used for OAuth social login flows (Google, Facebook, etc.).

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'accept: text/plain' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=social' \
  -F 'code=YOUR_CODE' \
  -F 'state=YOUR_STATE'

4. Authorization Code Grant (`authorization_code`)

Required fields: code

Standard OAuth 2.0 authorization code flow.

tip

To obtain your client_id and client_secret, visit: SELISE Blocks Cloud - Client Credentials

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=authorization_code' \
  -F 'code=YOUR_AUTH_CODE'

5. Client Credentials Grant (`client_credential`)

Required fields: client_id, client_secret

Used for machine-to-machine authentication.

tip

To obtain your client_id and client_secret, visit: SELISE Blocks Cloud - Client Credentials

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=client_credential' \
  -F 'client_id=YOUR_CLIENT_ID' \
  -F 'client_secret=YOUR_CLIENT_SECRET'

6. Client User Code Grant (`client_user_code`)

Required fields: client_id, user_code

Used for device authorization flow.

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=client_user_code' \
  -F 'client_id=YOUR_CLIENT_ID' \
  -F 'user_code=DEVICE_USER_CODE'

7. Refresh Token Grant (`refresh_token`)

Required fields: refresh_token

Used to obtain a new access token using a refresh token.

tip

To manage your refresh tokens, visit: SELISE Blocks Cloud - Personal Access Tokens

curl -X POST 'https://api.seliseblocks.com/authentication/v1/OAuth/Token' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-blocks-key: YOUR_PROJECT_KEY' \
  -F 'grant_type=refresh_token' \
  -F 'refresh_token=YOUR_REFRESH_TOKEN'

info

Different grant types require different combinations of parameters. The server validates the request based on the grant_type provided. Make sure to include all required fields for your chosen grant type to avoid validation errors.

Response

Success Response

Returns an OAuth token response with HTTP status 200 OK.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 8000,
  "refresh_token": "fccd43192456422db...",
  "id_token": null
}

Response Fields

Field	Type	Description
access_token	string	JWT access token for API authentication.
token_type	string	Token type, always "Bearer".
expires_in	integer	Access token lifetime in seconds.
refresh_token	string	Token used to obtain a new access token.
id_token	string	OpenID Connect ID token (null if not applicable).

Failure Response

{
  "error": "state_data_not_found",
  "error_description": "state_data_not_found"
}

Error Response Fields

Field	Type	Description
error	string	Error code identifier.
error_description	string	Detailed error message description.

Error Codes

Status Code	Description	Response Type
400	Invalid request parameters or missing required fields	Bad Request

API Endpoint​

Request​

Request Headers​

Request Body Parameters​

Grant Types​

1. Password Grant (password)​

2. MFA Code Grant (mfa_code)​

3. Social Login Grant (social)​

4. Authorization Code Grant (authorization_code)​

5. Client Credentials Grant (client_credential)​

6. Client User Code Grant (client_user_code)​

7. Refresh Token Grant (refresh_token)​

Response​

Success Response​

Response Fields​

Failure Response​

Error Response Fields​

Error Codes​