View Categories

REST API Target

Overview

The REST API Target in eZintegrations allows users to send processed data to external systems using REST-based endpoints.

When working with OAuth 2.0 authentication, users may need to configure the Refresh Token Endpoint Body in a specific format to generate or refresh access tokens.

This configuration supports both JSON and URL-encoded formats, depending on API requirements.

When to Use

Use this configuration when integrating with REST APIs that require OAuth 2.0 authentication and token refresh mechanisms.

  • Sending data to secured REST APIs
  • Refreshing access tokens automatically
  • Authenticating using OAuth 2.0 password grant
  • Configuring token endpoints for external services
  • Supporting API authorization workflows

How It Works

When OAuth 2.0 is enabled for a REST API Target, the system sends authentication parameters to the refresh token endpoint.

These parameters are passed through the Refresh Token Endpoint Body field and processed by the target authorization server.

Based on the provided values, the server validates credentials and returns an access token for subsequent API calls.

Using JSON Format in Refresh Token Endpoint Body

When sending data in JSON format, provide the authentication parameters as a structured JSON object.

This format is typically used when the API accepts application/json content type.

Example: JSON Format 

{
  "grant_type": "password",
  "client_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "client_secret": "XXXXXXXXXXXXXXXXXXXXXXXX",
  "username": "XXXXXXXXXXXXXXXXXXXXXXX",
  "password": "XXXXXXXXXXXXXXXXXXXXXXXXX"
}

This format sends credentials and grant information as a JSON payload to the token endpoint.

Using URL-Encoded String Format in Refresh Token Endpoint Body

When the target API requires application/x-www-form-urlencoded format, values must be passed as a single encoded string.

This format is commonly required by OAuth 2.0 authorization servers.

Example: URL-Encoded Format 

client_id=XXXXXXXXXXXXXXXXX&
client_secret=XXXXXXXXXXXXXXXXX&
username=XXXXXXXXXXXXXXXXX&
password=XXXXXXXXXXXXXXXXX&
grant_type=password

In this format, parameters are concatenated using ampersands (&) and sent as a single request body string.

How to Configure REST API Target with OAuth 2.0

Follow these steps to configure OAuth 2.0 authentication in a REST API Target.

  1. Open the Integration Bridge configuration.
  2. Select REST API Target.
  3. Enable OAuth 2.0 authentication.
  4. Locate the Refresh Token Endpoint Body field.
  5. Enter the required credentials in JSON or URL-encoded format.
  6. Save the configuration.
  7. Test the connection to verify token generation.

Configuration Guidelines

Follow these guidelines when defining the refresh token request body.

  • Use JSON format only if supported by the target API.
  • Use URL-encoded format for standard OAuth 2.0 endpoints.
  • Ensure all required parameters are provided.
  • Verify grant_type value based on API documentation.
  • Protect client credentials from unauthorized access.

Troubleshooting

  • Verify client_id and client_secret values.
  • Ensure the correct content type is configured.
  • Check that the token endpoint URL is valid.
  • Review authorization server error messages.
  • Confirm that credentials are active and not expired.

Frequently Asked Questions

What is the Refresh Token Endpoint Body?

It is the request payload sent to the OAuth 2.0 token endpoint to generate or refresh access tokens.

Which format should I use: JSON or URL-encoded?

Use JSON when the API supports application/json. Use URL-encoded format when the API requires application/x-www-form-urlencoded.

Is the password grant type mandatory?

No. The grant_type depends on the authorization server configuration and supported OAuth 2.0 flows.

Can I store credentials directly in the request body?

Yes. Client credentials and user credentials are provided in the request body as required by the OAuth 2.0 flow.

Can this configuration be reused across targets?

Yes. Similar OAuth 2.0 configurations can be reused for multiple REST API Targets when supported.

Notes

  • Do not expose client secrets in shared environments.
  • Rotate credentials periodically for security.
  • Test authentication in staging before production use.
  • Follow target API documentation strictly.
  • Maintain secure access controls for OAuth settings.
Updated on February 19, 2026

What are your Feelings

  • Happy
  • Normal
  • Sad