OAuth Support

It should be noted that at this time, when connecting to DocuWare using OAuth authentication, only the following grant types are supported:

  • Username & Password
  • DocuWare Token
  • Trusted User (On premises only)
  • Windows Authentication (On premises only)

General Documentation

Documentation for using the REST API can be found in the Postman collection.

Once you have imported the Postman collection, right click on the collection name, and select "View documentation".

Additionally, you can view the documentation for a specific request by clicking on the "Documentation" button, on the right side of the screen when that request is open.

Access Token lifetime

The access token provided by the OAuth authentication process has a lifetime of 60 minutes. This means that once an access token is issued, it can be used for authentication for up to 60 minutes. After this period, the token will no longer be valid for authentication purposes.

The expiration time of the token is located in the JWT payload data 'exp' value and is formatted in NumericDate.

NumericDate is a term used in the JSON Web Token (JWT) specification to represent the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time. This is essentially a Unix timestamp, which is widely used in programming to represent date and time.

In order to continue interacting with the API after the token has expired, it is necessary to request a new access token. This is done by repeating the authentication process.

It's important to note that the lifetime of an access token is a security measure, designed to limit the potential damage if an access token is compromised. By ensuring that tokens expire, the window of opportunity for unauthorized use of the token is reduced.

Remember to handle token expiration in your application. This can be done by checking the token expiration time and automatically requesting a new token when the current one is about to expire. This will ensure a seamless experience for the user, as they won't need to manually re-authenticate.