Citrix ShareFile API
  • Not Currently Logged In |
    Log In
  • ||
    Logout
  • arrow Getting Started
    • Quick Start Guide
    • OData Implementation
    • FAQ
    • Authentication
    • Postman
    • Storage Zones
  • Get an API Key
  • arrow API Entities
    • AccessControls
    • Accounts
    • Apps
    • AsyncOperations
    • Capabilities
    • ConnectorGroups
    • Devices
    • EncryptedEmails
    • FavoriteFolders
    • Favorites
    • FolderTemplates
    • Groups
    • Items
    • Metadata
    • migration-guide
    • Policies
    • Reports
    • Sessions
    • Shares
    • StorageCenters
    • Users
    • WebhookClients
    • WebhookSubscriptions
    • Workflows
    • Zones
  • arrowWebhooks
    • Overview
    • Events
    • Payloads
    • Signature Keys
  • arrowHow-To Guides
    • Common Use Cases
    • Troubleshooting
  • arrowCode Samples
    • C#(.NET)
    • Command Line / CURL
    • Java SE
    • PHP
    • Python
    • Ruby
    • VB(.NET)
  • arrowSDKs
    • PowerShell
    • .NET
    • JAVA
    • JavaScript
  • Change Log
  • V1 to V3 Migration

OAuth2 Password Grant

Access Token Acquisition

The following endpoint and grant type can be used to acquire an access_token. While this flow is useful during development and testing purposes, for production, we highly suggest using the authorization code grant flow.

Note: The subdomain placeholder in the url below should be the subdomain of the user you are authenticating with.

https://subdomain.sharefile.com/oauth/token

Header:
Content-Type: application/x-www-form-urlencoded

Content:
grant_type=password&client_id=[client_id]&client_secret=[client_secret]&username=[username]&password=[password]

The response will be a JSON encoded object with the following data:

Field Description
access_token The access token.
refresh_token The refresh token.
token_type The token type.
apicp The user's ShareFile API control plane, i.e. sharefile.com or securevdr for the above example.
appcp The user's ShareFile account control plane, i.e. sharefile.com or securevdr for the above example.
subdomain The user’s ShareFile subdomain, i.e. if they access their ShareFile account through https://mycompany.sharefile.com , this value would return “mycompany”. Some username / password combinations may be active on multiple accounts. The user would need to choose an account in this case.
expires_in The expiration time in seconds.
Using the access and refresh tokens will be the same regardless of whether you used the web authorization flow or password grant. Click here to go back to the Web Authorization flow page.