POST token

Obtain an access token. Use it to send secure authorized requests to the API.

Request

URL ( doesn't require authentication )

https://api-lease.crexi.com/token

Body Parameters

grant_type

string

"password"

Required

username

string

username or email

Required

password

string

Required

redirect_uri

string

Social network redirect url

Optional

invitation_code

globally unique identifier

Invitation code

Optional

signup_reason

string

Signup reason

Optional

browser_id

string

Browser id

Optional

Example

The method supports url-encoded requests (Content-Type: application/x-www-form-urlencoded) only. Make sure both username and password values are properly encoded.

POST https://api-lease.crexi.com/token HTTP/1.1
Host: api-lease.crexi.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: My CREXi App
Content-Length: 65

grant_type=password&username=john%40gmail.com&password=Password1!&invitation_code=d17768b2-0af8-4390-9eb2-29fe5a8f3179&signup_reason=InviteToCREXi&browser_id=55885186553d4de0951da65d371a8618

Response

Details

If the request succeeds (200 OK), the server returns an access token in the response body. Unlike some forms of authentication (such as cookie-based authentication), the browser will not automatically include the access token in subsequent requests. The application must do so explicitly.

Returns 400 Bad Request if authentication fails.

Data fields

access_token

string

Your access token

token_type

string

"bearer"

expires_in

string

Expiration time in seconds

new_user

boolean

Flag returns 'True' for new sign-ins via a social account.

Example

{
  "access_token": "-XOeAyHST3hWaMynS04VY8kfItuaasphckB8Wu8ifCsVIo3LSeXd...",
  "token_type": "bearer",
  "expires_in": 21599,
  "new_user": False
}

Usage

Unauthorized Request Error

Most API methods require authentication. Until the user logs in, there is no access token, and therefore no Authorization header in the request. This causes the request to return a 401 error:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
WWW-Authenticate: Bearer
Content-Length: 88

{"Message":"Authorization has been denied for this request.","ErrorCode":"Unauthorized"}

Notice that the response includes a WWW-Authenticate header with the challenge set to Bearer. That indicates the server expects an access token.

Authenticated Request Example

Once you have an access token, you can make an authenticated request to the API. This is done by setting the Authorization header in the request:

GET https://api-lease.crexi.com/account HTTP/1.1
Host: api-lease.crexi.com
User-Agent: My CREXi App
Authorization: Bearer -XOeAyHST3hWaMynS04VY8kfItuaasphckB8Wu8ifCsVIo3LSeXd...

Sign in with LinkedIn

Details

CREXi Linkedin integration is based on Linkedin REST OAUTH 2.0 API. The client app (Web UI or mobile app) obtains a LinkedIn Authorization Code and then sends it to CREXi API. CREXi API authenticates the user with Linkedin Authorization Code or creates a new user account if given LinkedIn user hasn't signed in before. After that CREXi API generates a new CREXi access token and returns it as a part of regular POST token response.

Set username to linkedin and pass linkedIn authorization code as password. redirect_uri parameter is required an it must match the redirect_uri parameter passed to the request for LinkedIn Authorization Code.

Request Example

POST https://api-lease.crexi.com/token HTTP/1.1
Host: api-lease.crexi.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: My CREXi App
Content-Length: 212

grant_type=password&username=linkedin&password=AQTDa6oPf6Z2_lz2XuQ_Baa5SgDTZWJyLwFTNObHTUSdAq5hIenFLiI1wZtWRqKCjww5XL2Xb24xOYKcTIrtP5vVUbv0GpO5A_BNSTZ6q2cArnFEMok&redirect_uri=http%3A%2F%2Fwww.crexi.com%2Flogin

Sign in with Google

Details

CREXi Google integration is based on Google REST OAUTH 2.0 API. The client app (Web UI or mobile app) obtains a Google Authorization Code and then sends it to CREXi API. CREXi API authenticates the user with Google Authorization Code or creates a new user account if given Google user hasn't signed in before. After that CREXi API generates a new CREXi access token and returns it as a part of regular POST token response.

Set username to google and pass Google authorization code as password. redirect_uri parameter is required an it must match the redirect_uri parameter passed to the request for Google Authorization Code.

Request Example

POST https://api-lease.crexi.com/token HTTP/1.1
Host: api-lease.crexi.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: My CREXi App
Content-Length: 212
grant_type=password&username=google&password=AQTDa6oPf6Z2_lz2XuQ_Baa5SgDTZWJyLwFTNObHTUSdAq5hIenFLiI1wZtWRqKCjww5XL2Xb24xOYKcTIrtP5vVUbv0GpO5A_BNSTZ6q2cArnFEMok&redirect_uri=http%3A%2F%2Fwww.crexi.com%2Flogin

Sign in with Facebook

Details

CREXi Facebook integration is based on The Graph API The client app (Web UI or mobile app) obtains a Facebook OAuth Authorization Code and then sends it to CREXi API. CREXi API authenticates the user with Facebook OAuth Code or creates a new user account if given Facebook user hasn't signed in before. After that CREXi API generates a new CREXi access token and returns it as a part of regular POST token response.

Set username to facebook and pass Facebook authorization code as password. redirect_uri parameter is required an it must match the redirect_uri parameter passed to the request for Facebook OAuth Authorization Code.

Request Example

POST https://api-lease.crexi.com/token HTTP/1.1
Host: api-lease.crexi.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: My CREXi App
Content-Length: 212
grant_type=password&username=facebook&password=AQTDa6oPf6Z2_lz2XuQ_Baa5SgDTZWJyLwFTNObHTUSdAq5hIenFLiI1wZtWRqKCjww5XL2Xb24xOYKcTIrtP5vVUbv0GpO5A_BNSTZ6q2cArnFEMok&redirect_uri=http%3A%2F%2Fwww.crexi.com%2Flogin