Authenticate your API requests by generating OAuth 2.0 access tokens using your client credentials.
Endpoints
Generate Access Token
POST /auth/realms/avaya/protocol/openid-connect/token
Generate an OAuth 2.0 access token using the client credentials grant type for server-to-server authentication.
Getting Started
Find Your Customer Subdomain
Your subdomain is found in your Infinity portal URL and is required for authentication.
Example: If your portal URL is:
https://core.avaya1234.ec.avayacloud.com/app/core-config-ui/
Your subdomain is: avaya1234
The authentication endpoint uses this format:
https://core.{customer-subdomain}.ec.avayacloud.com/auth/realms/avaya/protocol/openid-connect/token
Get Your Client Credentials
Obtain your client_id and client_secret from the Avaya Infinity portal. These credentials are used to generate access tokens for API authentication.
Token Lifecycle
Grant Type: Only client_credentials is supported for server-to-server authentication.
Token Format: Access tokens are JSON Web Tokens (JWT) containing permissions and expiration claims.
Expiration: Tokens typically expire in 900 seconds (15 minutes). Check the expires_in field in the response or the exp claim in the decoded JWT.
Renewal: Generate a new token before the current one expires to maintain uninterrupted API access.
Security Best Practices
Never expose credentials client-side - Always generate tokens from your backend server, never in browser or mobile app code.
Store credentials securely - Use environment variables or secret management systems to protect your client_id and client_secret.
Implement token caching - Cache tokens and reuse them until expiration to reduce unnecessary token generation requests.
Rotate credentials regularly - Periodically rotate your client credentials as part of security best practices.