API Endpoints

Trimble Identity API endpoints used in client authentication are documented below. The API is built on the industry-standard OAuth 2.0 and OpenID Connect Core 1.0 protocols.

Authorize

The authorize endpoint supports three response_types: code, id_token, token. If code is present in your parameters, JWTs are not needed for authorization.

The authorize endpoint is used with

• Authorization Code flow
• Authorization Code flow with PKCE

HTTP

GET /oauth/authorize

Token

The token endpoint is use to retrieve an access token.

The authorize endpoint is used with

• Authorization Code flow
• Authorization Code flow with PKCE
• Client Credentials
• Refresh Token

HTTP

POST /oauth/token

UserInfo

The authorize endpoint is used with

• Authorization Code flow
• Authorization Code flow with PKCE

HTTP

GET /oauth/userinfo

Logout

The logout endpoint is used with

• Authorization Code flow
• Authorization Code flow with PKCE

HTTP

GET /oauth/logout

Revoke

The token revocation endpoint is used to revoke, or invalidate, a specific refresh token.

HTTP

POST /oauth/revoke

Headers

Header	Description
Authorization	Basic (base64 encoded Client id:Client secret)

Parameters

Parameter	Description
token	Refresh token to be revoked
token_type_hint	Refresh token

Example

# Your application credentials
client_id="your client id"
client_secret="your client secret"
token="token to be revoked"
hint="token hint"

encoded_credentials=$(echo -n "$client_id:$client_secret" | base64)

curl --location --request POST "https://id.trimble.com/oauth/revoke" \
--header "Authorization: Basic $encoded_credentials" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "token=$token" \
--data-urlencode "token_type_hint=$hint"