Authorization Management
Last Updated on : 2025-05-30 01:56:03download
This topic describes the related APIs of authorization management.
OAuth 2.0 Used in Authorization
Each business API requires token authentication. The Tuya authorization center API is first invoked to obtain the access token and refresh token. The Tuya authorization center provides the following method for obtaining tokens based on OAuth 2.0.
- Signature authentication is performed for the clientId and secret of developers based on the specifications of the Tuya authorization center API.
- Tuya Cloud verifies and issues tokens to third-party platforms.
Note: An access token is valid for two hours, while a refresh token is permanently valid. After an access token expires, you can use a refresh token to request Tuya Cloud to refresh tokens. Then Tuya Cloud issues a new access token and refreshes token. After the tokens are refreshed, the old access token and refresh token become invalid.
Authorization process
API List
| Request method | API | Description |
|---|---|---|
| GET | /v1.0/token | Get the access token. |
| GET | /v1.0/token/{refresh_token} | Refresh the user token. |
API for Obtaining Tokens
API Description
You can use this API to obtain tokens in a simple mode.
API Address
GET /v1.0/token
Request Parameters
| Parameter | Type | Position | Description | Mandatory |
|---|---|---|---|---|
| grant_type | Integer | URL | Authorization type. 1: simple mode |
Yes |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| code | Integer | Response code.Null indicates success. |
| success | Boolean | Request result. true: success false: failure |
| msg | String | Exception message.It is null when the request result is success. |
| t | Long | Response time, which is a 13-digit timestamp. |
| result | Object | Result object. |
Parameters in result
| Parameter | Type | Description |
|---|---|---|
| uid | String | Tuya user ID. |
| access_token | String | Access token. |
| expire_time | Integer | Validity period, in seconds. |
| refresh_token | String | Refresh token, used for refreshing tokens. |
Request Example
GET {url}/v1.0/token?grant_type=1
Success Response Example
{
"success":true,
"result": {
"uid":"ay******",
"access_token": "******",
"expire_time": 7200,
"refresh_token": "******"
}
}
API for Refreshing Tokens
API Description
The OAuth token is currently valid for two hours for security concerns. After it has expired, you need to call refresh_token to get a new token.
Note: The access_token has a validity period limit but no limit on the number of times. The refresh_token has no limit of the validity period but only takes effect once.
API Address
GET /v1.0/token/{refresh_token}
Request Parameters
| Parameter | Type | Position | Description | Mandatory |
|---|---|---|---|---|
| refresh_token | String | URI | Refresh token. | Yes |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| code | Integer | Response code.Null indicates success. |
| success | Boolean | Request result. true: success false: failure |
| msg | String | Exception message.It is null when the request result is success. |
| t | Long | Response time, which is a 13-digit timestamp. |
| result | Object | Result object. |
Parameters in result
| Parameter | Type | Description |
|---|---|---|
| uid | String | Tuya user ID. |
| access_token | String | Access token. |
| expire_time | Integer | Validity period, in seconds. |
| refresh_token | String | Refresh token, used for refreshing tokens. |
Request Example
GET {url}/v1.0/token/******
Success Response Example
{
"success":true,
"result": {
"uid":"ay******",
"access_token": "******",
"expire_time": 7200,
"refresh_token": "******"
}
}
Error Code
The following are common service exceptions for this API. For more exception errors, see Error Code.
| Error code | Description |
|---|---|
| 500 | System error. |
| 1003 | Invalid grant type. |
| 1003 | Invalid code. |
Is this page helpful?
YesFeedbackIs this page helpful?
YesFeedback
