Issue a Meridian Accounts access token
Mints a JWT for a Meridian user. For client_credentials grants, the user is identified by the X-Meridian-User-Id header: it must be provided for MULTI_USER integrations and omitted for SINGLE_USER integrations (the single configured user is used). For refresh_token grants, the user is derived from the supplied refresh token.
Headers
Identifies the program context for the request. Required for server-to-server (HMAC) authentication. See Authentication.
Identifies the Meridian user targeted by the request. Required for server-to-server (HMAC) authentication with MULTI_USER integrations; omit for SINGLE_USER. See Authentication.
Partner API key issued by Meridian during provisioning. Required for server-to-server (HMAC) authentication. See Authentication.
Current time in milliseconds since the Unix epoch. Must be within 60 seconds of the request. Required for server-to-server (HMAC) authentication. See Authentication.
HMAC SHA-256 signature of the canonical request string, computed per request. Required for server-to-server (HMAC) authentication. See Authentication for how to construct it.
Body
Either a client_credentials or refresh_token grant payload
- Client Credentials Token Body
- Refresh Token Body
OAuth token request payload for Meridian Accounts authentication
OAuth grant type
"client_credentials"
Response
The issued access and refresh tokens
OAuth token response for Meridian Accounts authentication
Bearer access token
"access_token_abc123"
Lifetime of the access token in seconds
3600
Type of token returned
"Bearer"
Refresh token that can be exchanged for a new access token
"refresh_token_abc123"
Space-delimited scopes granted to the access token
"enrollment:get enrollment:activate"
URN describing the type of issued token
"urn:ietf:params:oauth:token-type:access_token"