Sending Tokens in the QueryString

The OAuth 2.0 standard allows tokens to be sent both through the HTTP header as well as through the query string for calls that use the GET command. The two examples below are thus equivalent:

 

Sending tokens through the HTTP header:

GET {WSUrl}/api/events HTTP/1.1

 

Host: <hostname>
Authorization: OAuth2 <TOKEN>
Content-Length: 44
Content-Type: application/json

Sending the tokens through the QueryString:

{WSUrl}/api/events?access_token=<token>

 

Note: The token generated must be converted into a base64 string, as some of the characters generated by the token are not accepted. For example, if the URL with the token is {WSUrl}/api/events?access_token=abcdef=, only the  "abcdef" part will be considered. For this, you must use percent-encoding based on the table below.

Reserved characters after percent-enconding

!

#

$

&

'

(

)

*

+

,

/

:

;

=

?

@

[

]

%21

%23

%24

%26

%27

%28

%29

%2A

%2B

%2C

%2F

%3A

%3B

%3D

%3F

%40

%5B

%5D

 

In other words, if the base64 token has any of these characters, they must be encoded before being used as a parameter in the URL.