How to Authenticate with Avaya Infinity™ APIs

Introduction

The Avaya Infinity APIs use OAuth2 for authentication, supporting both client credentials and password flows. All API requests must include a Bearer token in the Authorization header for secure access.

How to Obtain an Access Token (Client Credentials Flow):

1. Obtain your client ID and client secret from Avaya
2. Send a POST request to the token endpoint:

Request

curl -X POST https://core.avaya1984com-inf71.ec.avayacloud.com/auth/realms/avaya/protocol/openid-connect/token -H 'Content-Type:application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id={clientId}&client_secret={secret}&scope=workflows:execute'

• POST https://core.avaya1984com-inf71.ec.avayacloud.com/auth/realms/avaya/protocol/openid-connect/token
• Content-Type: application/x-www-form-urlencoded
• grant_type: client_credentials
• clientid: _Your API client ID (e.g., workflow-session-api-01-001d0106265d6988cc494c971d)
• clientsecret: _Your API client secret
• scope: workflows:execute
  • The response will contain an access token. Use this token in the Authorization header for subsequent API requests:

Response

• Content-Type: application/json
• Success (200)

{
    "access_token": "eyJhbGciOiJSUzI1....",
    "expires_in": 900,
    "refresh_expires_in": 9000,
    "refresh_token": "eyJhbGciOiJIUzI1....",
    "token_type": "bearer",
    "scope": "workflows:execute"
}

• Failures
  • Bad Request (400) - grant_type or client_id is invalid
  • Unauthorized (401) - secret is wrong.
  • Not Found (404) - requested resource not found.

Security and Implementation Notes

• Never expose service JWT tokens or Avaya session IDs to client applications.
• Validate and sanitize all input parameters before making API calls.12
• Output variables may contain sensitive workflow data; handle with appropriate care.