FAST LOGIN API

Token Endpoint

You can click the file below to download the Token and UserInfo Endpoint Postman Project:
Token and UserInfo Endpoint Postman Project

Token Endpoint URL: https://mobcon.turkcell.com.tr/mobileconnect/oauth/token

http method: POST

Header Mandatory Parameters

URI Parameter Description
*Authorization HTTP Basic authorization to access the API. Base64 encoded String of your "<client_id>:<client_secret>" (please note, these are client_id, client_secret value from the discovery response.)
Type: String
*Content-Type Describe the format of the "POST" data that is being sent across. Always set to "application/x-www-form-urlencoded"
Type: String

Body Mandatory Parameters

URI Parameter Description
*code The "code" parameter you received from the Authentication Endpoint request's response
Type: String
*grant_type The type of "code" that is being submitted. Always set it to "authorization_code"
Type: String
*redirect_uri Used as an extra level of security. If a mis-matched redirect_uri is passed in the token request URL(other than the registered in the form), error will be thrown.
Make sure to use the same redirect uri that you used in the Authentication Request URL for the generation of authentication "code" otherwise mis-match error will be thrown.
Type: URI

Response

URI Parameter Description
*access_token OAuth 2.0 access_token, used to get the UserInfo object from the UserInfo end-point and can be reused for accessing other protected resources, if required
Type: String
*token_type The type of token received. In Fast Login case, it should always be "Bearer"
Type: String
*expires_in Expiration time in seconds from the time of generation of the response
Type: String
*id_token Additional token used in OIDC to provide the Identity token claim. A Base64URL encoded String, when decoded contains all the claims in JSON format
  • Currently it is not used in Fast Login
Type: String

Sample Token Request via using Postman

Authorization

tokenendauth

Header of Request

tokenendheader
Key Value
*Content-Type application/x-www-form-urlencoded
*Accept text/plain, application/json, application/json, application/*+json, application/*+json, text/plain, */*, */*
*Access-Control-Allow-Origin mobcon.turkcell.com.tr
*Authorization Basic Y2xpZW50OnNlY3JldA==
  • You have to change accunt information that is given in "Authorization", that is an example:
    • "Basic" + Base64.encode(username + ":" + password)

Body of Request

tokenendbody
Key Value
*redirect_uri https://mylocalhost.com
*grant_type authorization_code
*code 5a032d59-47f6-4c83-8135-cd38784137db

Response

  • Here is an example of Token Endpoint response
    • You can see for parameter details
token response={ 
    "access_token":": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDg3NDcwMTMsImF1ZCI6ImNsaWVudCIsImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9tb2JpbGVjb25uZWN0XC8iLCJqdGkiOiJkNzQ0NTE2OC1hYjE3LTRjZDEtOGQ4NS1hNDM0OTRjNDRhNWYiLCJpYXQiOjE1NDg3NDY4OTN9.ckQZBwbPEpljlhxf6g5BshIwM3bsLdbSrp9XI_Ir8W0YXYtha3dLHSz6PjFKfE1Fx2oAk7_cejhbOEOUVb8niCG3nmlXd3JFS2YIdC8x36E_oWHaudDRnevMfZf6xrkhXaGz9q_NsfuxOsq4Q0mZuNKTTelG3NbprNOaLiHTY18",,  
    "token_type":"Bearer",
    "expires_in":2591999,  
    "scope":"phone email openid profile",  
    "id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6InJzYTEifQ.eyJleHAiOjE1NDg3NDc0OTMsInN1YiI6ImZiNzZhNTI1LTM0YzItNDQwYi05YWZkLTQzYTQyY2JhOGNhNCIsImF6cCI6ImNsaWVudCIsIm5vbmNlIjoiTm9uY2UwLnZkbDRyanVsMmJ0enkyNHduaW1hYnJ6ZnIiLCJhdWQiOlsiY2xpZW50IixudWxsXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL21vYmlsZWNvbm5lY3RcLyIsImlhdCI6MTU0ODc0Njg5MywiYWNyIjoiMiIsImFtciI6WyJPSyIsIk9UUCJdLCJraWQiOiJyc2ExIn0.ESknUrbDoX17m8OxeaXxVfngDiqus0fC34TCle7skdDUW7g-SgfAJKNCpRVzT_LOdCoXLpEIcQlJ96uaAp4JICbmPIFn0T7I0719tzWL-bbqa4VyMUvPpU1vBouYs9axipJR_sZdhtTbxhGxHXhRRDMI3xVMPttr9CG75q1Igrw"
,  }