Getting Started

In this tutorial, you will learn how to retrieve access tokens from the NICE inContact token service and use them to make API calls.

In order to retrieve an API token, you must register your application. You do this in the NICE inContact Central website, under the Admin >> Account Setting >> API Applications menu. (If you do not see this menu option, your security profile is likely preventing you from seeing it. Contact your NICE inContact administrator, or consult Help.inContact.com or NICE inContact technical support forAppName@VendorName:BusinessUnitNumber assistance.)

When you register your application, you must specify a "Vendor Name" and an "Application Name." You must also specify which of the available APIs your application is authorized to use by selecting the Scopes authorized for this application. This does not change the permissions for any Agent that calls an API using this application. It only controls the ability to request those API methods. If the Agent does not have permissions to execute the API functions, they will receive an error message indicating that the requested action is forbidden. You can select from the following API scopes:

  • AdminAPI - Administrative APIs such as assigning a Skill to an Agent
  • AgentAPI - Agent Session APIs such as accepting a Contact
  • AuthenticationAPI - Authentication APIs such as resetting passwords
  • RealTimeDataAPI - Real Time Data APIs such as getting current state of Agents
  • ReportingAPI - Historical or calculated data
  • PatronAPI - APIs that do not require NICE inContact credentials such as Click-to-call
  • CustomAPI - Any APIs you create from the Studio scripting tool

NOTE: It is a best practice to use the API Application configuration to control what API scopes your application will use, rather than the "scope" parameter in the token request.

NOTE: If you are going to use an Implicit Grant token for your development, you will need to add all of the possible URLs that will be used to launch your application as an Authorized Callback URL. For example you could register a URL like below and use it when requesting an Implicit Grant tokenas described in step four of this tutorial.

https://customapplication.superwidgets.com/authenticated

The Vendor Name, Application Name, and Business Unit number will be used to retrieve a valid and current Password or Client API token.

To retrieve a Password or Client token, you must send an authorization key to the NICE inContact token service.

NOTE: For Implicit tokens, the authorization key is not required. You can skip this step and proceed to step four

The authorization key is the base-64 encoding of a string that is comprised of the Vendor Name, Application Name, and the Business Unit number for your application (see step one):

AppName@VendorName:BusinessUnitNumber

For example, if you register your application with a Vendor Name of "WidgetsInc.com", and an Application Name of "SuperWidget", and your Business Unit number is "123456," the string would be:

SuperWidget@WidgetsInc.com:123456

The base-64 encoding of this string is:

U3VwZXJXaWRnZXRAV2lkZ2V0c0luYy5jb206MTIzNDU2

You provide the Application and Vendor Names when you register your application with NICE inContact. You can always look them up, if needed, in the Manage >> API Applications section of the NICE inContact Central website. If you have not yet registered your application, you will need to do so in this section of the Central website. (See step one.)

You must decide which token type you will use in your application: Implicit, Password or Client.

If your application is a web-server-based application, or a browser-based application, and if it needs access to resources on behalf of a specific user, you should use the implicit grant type.

If your application is server-based (but not running on a web server), or desktop-based (but not running in a browser), or a native mobile application, and if it needs access to resources on behalf of a specific user, you should use the password grant type.

If your application needs access to NICE inContact resources that are not owned by a specific user, regardless of whether it is server-based, browser-based, desktop-based, or mobile, you should use the client grant type.

To learn more about token types, read the API authentication token tutorial.

Once you have the authorization key from step two, send an HTTPS request to the token service, including the authorization key, to receive a token. The token type is specified in the request payload (described below).

For Password and Client tokens the request must be sent to the NICE inContact Token Service URL:

https://api.incontact.com/InContactAuthorizationServer/Token

The HTTPS request must have an "authorization" header. The authorization header must be included using the following syntax: Authorization: basic {code}

For instance, using the base-64 encoded authorization code from the example in step two, you would create an authorization header like this:

Authorization: basic U3VwZXJXaWRnZXRAV2lkZ2V0c0luYy5jb206MTIzNDU2

You must also include a "request payload" in the body of the request. The payload is a JSON object that identifies the supported OAuth grant type you selected (see step two), and that provides any other information needed by the selected grant type.

If you selected the "password" grant type, the request body should look like this:

{
    "grant_type" : "password",
    "username" : "myuser@mydomain.com",
    "password" : "myP@ssw0rd",
    "scope" : ""
}

NOTE: The username and password are required parameters for the password grant type. The "scope" parameter identifies the APIs for which the token can be used. By default, you should pass in the NULL string ("") unless you want specifically restrict your application to a subset of APIs. For example, you can select PatronApi for an external-facing chat application.

You can also control the scopes an application has access to by passing in the NULL ("") string in your application and using the API Application configuration in Central to give and remove scope access.

Currently in the NICE inContact API Framework, the following API’s can be specified:

  • AdminAPI - Administrative APIs such as assigning a Skill to an Agent
  • AgentAPI - Agent Session APIs such as accepting a Contact
  • AuthenticationAPI - Authentication APIs such as resetting passwords
  • RealTimeDataAPI - Real Time Data APIs such as getting current state of Agents
  • ReportingAPI - Historical or calculated data
  • PatronAPI - APIs that do not require NICE inContact credentials such as Click-to-call
  • CustomAPI - Any APIs you create from the Studio scripting tool

Any of these APIs can be used with a password token.

If you want to retrieve a Client token, the request body should look like this:

{
    "grant_type" : "client_credentials",
    "scope" : "PatronApi"
}

NOTE: The "grant_type" for the Client token request is "client_credentials". Also note that since no user is required for this client token, the only API scope that it can be used for is the "Patron" API scope. The Admin, Authentication, Agent, RealTime and Reporting API scopes require a user context, so client tokens cannot be used with these API scopes.

NOTE: In case of using Client auth type you must use Application ID (see screenshot two in step one) instead of business unit when creating authorization key, i.e.

SuperWidget@WidgetsInc.com:ZWJkNWM0MzNiODQ5NDAyYmIyZGFhNDg3ZDEzZgJkYzc

instead of

SuperWidget@WidgetsInc.com:123456

Below are examples of HTTP requests for each of these grant types:

"Password" grant REQUEST

Request URL: https://api.incontact.com/InContactAuthorizationServer/Token 
Request Method: POST
Request Headers: POST /InContactAuthorizationServer/Token HTTP/1.1
Host: api.incontact.com
Connection: keep-alive
Content-Length: 98
Origin: http://myapp.example.com 
Authorization: basic U3VwZXJXaWRnZXRAV2lkZ2V0c0luYy5jb206MTIzNDU2 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) 
            Chrome/23.0.1271.95 Safari/537.11 
Content-Type: application/json; charset=UTF-8 
Accept: application/json, text/javascript, */*; q=0.01 
Referer: http://myapp.example.com/mainPage 
Accept-Encoding: gzip,deflate,sdch 
Accept-Language: en-US,en;q=0.8 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Request Payload: 
{
   "grant_type" : "password", 
   "username" : "myuser@mydomain.com", 
   "password" : "myP@ssw0rd", 
   "scope" : "" 
}

"Client" grant REQUEST

Request URL: https://api.incontact.com/InContactAuthorizationServer/Token
Request Method: POST
Request Headers:
        POST /InContactAuthorizationServer/Token HTTP/1.1
Host: api.incontact.com
Connection:  keep-alive
Content-Length: 65
Origin: http://myapp.example.com
Authorization: basic H6CwZTJfYaWKnZDeAV2lkZS5o2V7U0c4lgIy5jb2675B6+MTIzNDdfgd9786dg/0hdUfyhuDFHDA2=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko)
            Chrome/23.0.1271.95 Safari/537.11
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://myapp.example.com/mainPage
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Request Payload:
{
   "grant_type" : "client_credentials", 
   "scope" : "PatronAPI"
}

Other than different "grant_type" values in the request payload (and the inclusion of "username" and "password" parameters for the "password" flow), the requests are identical.

If your application is a web-server-based application, or a browser-based application that needs access to resources on behalf of a specific user, and you have decided to use the Implicit Grant type, there are a few steps that are unique to this token grant process that we will describe below

To learn more about token types, read the API authentication token tutorial.

Because the Implicit Grant involves directing the user to an NICE inContact authorization page, the authorization key from step two, is not required. Instead you will just pass in the Client ID that is made up of the Application Name and Vendor Name using the @ symbol as described below.

var application = "SuperWidgets";
var vendor = "WidgetsInc.com";
var client_id = window.btoa(application + "@" + vendor);

For Implicit Grant tokens the request must be sent to the NICE inContact Authenticate Service URL:

https://api.incontact.com/InContactAuthorizationServer/Authenticate

You must also define and pass into the NICE inContact Authenticate service several parameters that control how the service will interact with the user and what type of token will be returned from the request.

One required parameter that is unique to Implicit Grant tokens is a "redirect_uri" that contains the URI for the application that will consume the token received from this request. This must match exactly one of the Authorized Callback URLs that you added to the API Application registered in step one of this tutorial.

Some of these parameters must be URI encoded and others are sent as regular strings as described below.

var implicitUri = "https://api.incontact.com/InContactAuthorizationServer/Authenticate";
var client_id = "SuperWidget@WidgetsInc.com";
var token_scope = "AdminApi AgentApi";
var redirect_uri = "https://customapplication.superwidgets.com/authenticated";
var state_object = "myState";

function RedirectToAuthPage() {
    var url = implicitUri;
    url = url + "?state=" + state_object;
    url = url + "&response_type=token";
    url = url + "&client_id=" + encodeURIComponent(client_id);
    url = url + "&redirect_uri=" + encodeURIComponent(redirect_uri);
    url = url + "&scope=" + encodeURIComponent(token_scope);
    window.location.href = url;
}

NOTE: The "scope" parameter must be populated for Implicit Grant tokens. If you pass in the NULL string ("") you will receive a token that does not have access to any API scopes.

Currently in the NICE inContact API Framework, the following API’s can be specified:

  • AdminAPI - Administrative APIs such as assigning a Skill to an Agent
  • AgentAPI - Agent Session APIs such as accepting a Contact
  • AuthenticationAPI - Authentication APIs such as resetting passwords
  • RealTimeDataAPI - Real Time Data APIs such as getting current state of Agents
  • ReportingAPI - Historical or calculated data
  • PatronAPI - APIs that do not require NICE inContact credentials such as Click-to-call
  • CustomAPI - Any APIs you create from the Studio scripting tool

Once you make the request, the user will be redirected to the NICE inContact Implicit Login page and be prompted for their NICE inContact username and password as shown below.

If the user successfully logs into the NICE inContact platform, they will be redirected to the Implicit Grant page where they will be shown a description of the API Scopes that your application is requesting and be required to either Grant or Deny that access as shown below.

Below is an example of HTTP an request for the Implicit Grant:

"Implicit" grant REQUEST

Request URL: https://api.incontact.com/InContactAuthorizationServer/Authenticate HTTP/1.1
Request Method: POST
Request Headers:
        POST /InContactAuthorizationServer/Authenticate HTTP/1.1
Host: api.incontact.com
Connection:  keep-alive
Content-Length: 156
Origin: https://api.incontact.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) 
            Chrome/23.0.1271.95 Safari/537.11 
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01 
Referer: https://api.incontact.com/InContactAuthorizationServer/Authenticate?client_id=SuperWidgets@WidgetsInc.com
     &redirect_uri=https://customapplication.superwidgets.com&response_type=token&scope=AdminApi%20AgentApi&state=myState
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8 
client_id=SuperWidgets@WidgetsInc.com&redirect_uri=https://customapplication.superwidgets.com
    &response_type=token&scope=AdminApi%20AgentApi&state=myState

The token service returns a JSON object in the response body that contains the access token, as well as other information that you will need. For example, the following could be returned as part of the password grant response:

Response body for Password or Client Grant:

{ 
    access_token: "h9l2tWy5ZIApljMFpvJqitJyU2n8SNe1Q5hP85IeMZpwt+ULZt9plv5vKea4eRce57w++yOe2f/j
    AHOMYs81a2RuJdFBRXV/eyUGcyWp79R+OX+MwN/SJYoQBV6ZrGshyyciZkk1/Q4wGEZLw0de9JxGPajm1O9V7
    7GVjRBozESy11+v0Fgp918kxiC0/sCD4bjino6Lkvu2fnHf30sW1zF8LDI7OHqdKaVcMzguMcINtxu55FlKuC
    +UQnesuE2d6LRg4ZxQp3q9jdxETHwvTYkskQLLT+/wmpEW36yryqIlpGzuBv5LmUr83nOb+1zZas34bhJqBxg
    UKztT9GdV5alsT0MQmoNV6Hn5PviO7X47JTey2EvspVkrPnLABUANJ9GfMJKtyUiICXJwk47FmQ==" 
    token_type: "bearer" 
    expires_in: 3600 
    refresh_token: "PX3SnlieM0a22Ij2hGfIxg==" 
    refresh_token_server_uri: 
        "https://api-{cluster}.incontact.com/InContactAuthorizationServer/Token" 
    resource_server_base_uri: "https://api-{cluster}.incontact.com/inContactAPI/" 
    scope: "RealTimeApi AdminApi AuthenticationApi PatronApi AgentApi CustomApi" 
    agent_id: 645328 
    team_id: 103748 
}

The response body contains a JSON object that provides the token, the expiration time limit for the token, the refresh token, the scope for the token (i.e. which APIs the token can be used with), and a "resource server base URI" and "refresh token server base URI." Each of these is explained below:

access_token: 
        This is the token value you send with each API call
token_type:
        This is the value included before the token in the authorization header for
        each API call
expires_in: 
        This is the number of seconds after which the token will expire (from the 
        time of the token’s creation). NICE inContact uses a value of 3600 seconds for 
        all Password and Client Grant tokens 
refresh_token: 
        This is set to NULL for Client Grant tokens as no credentials are needed 
        for a Client token.  For Password Grants this is the encoded information 
        used to retrieve a new API token when the API token expires. This token 
        will be valid for 7200 seconds
refresh_token_server_uri: 
        This is the base URI for the token service used to retrieve a new token 
        when the original token expires, using the refresh token for Password Grants. 
resource_server_base_uri: 
        This is the base URI for calling all APIs and contains the name of the 
        cluster, represented by {cluster}, that your Buiness Unit is authorized 
        to use, based on the application and user identifiers supplied in the 
        authorization key. You must use this new base URI to use any of the 
        APIs with the access_token. 
scope: 
        Specifies which of the available APIs your application is authorized to 
        use. For Client Grants, only the PatronApi scope is allowed regardless of 
        the values in this field
agent_id: 
        This is the ID of the agent whose credentials were used to retrieve the 
        token for Password Grants and is NULL for Client Grants
team_id: 
        This is the ID of the team which agent belongs to Password Grants and is 
        NULL for Client Grants 

Response QueryString values for Implicit Grant:

    state: "myState" 
    scope: "AdminApi AgentApi" 
    access_token: "h9l2tWy5ZIApljMFpvJqitJyU2n8SNe1Q5hP85IeMZpwt+ULZt9plv5vKea4eRce57w++yOe2f/j
    AHOMYs81a2RuJdFBRXV/eyUGcyWp79R+OX+MwN/SJYoQBV6ZrGshyyciZkk1/Q4wGEZLw0de9JxGPajm1O9V7
    7GVjRBozESy11+v0Fgp918kxiC0/sCD4bjino6Lkvu2fnHf30sW1zF8LDI7OHqdKaVcMzguMcINtxu55FlKuC
    +UQnesuE2d6LRg4ZxQp3q9jdxETHwvTYkskQLLT+/wmpEW36yryqIlpGzuBv5LmUr83nOb+1zZas34bhJqBxg
    UKztT9GdV5alsT0MQmoNV6Hn5PviO7X47JTey2EvspVkrPnLABUANJ9GfMJKtyUiICXJwk47FmQ==" 
    token_type: "bearer" 
    expires_in: 5184000  
    resource_server_base_uri: "https://api-{cluster}.incontact.com/inContactAPI/" 

For Implicit Grants the user redirected to the URI passed in as "redirect_uri" with the above values passed in as QueryString values that can be used by the application accessed through that URI. Each of these is explained below:

state: 
        This is a user defined value that can be passed in to represent an initial
        state for the application identified by the redirect_uri parameter.  This
        can also be used to pass any additional information in the form of a string
        to be used in your application
scope: 
        Specifies which of the available APIs your application is authorized to 
        use. These will only be populated if the user "Granted" permissions to 
        those scopes from the Grant page
access_token: 
        This is the token value you send with each API call
token_type:
        This is the value included before the token in the authorization header for
        each API call
expires_in: 
        This is the number of seconds after which the token will expire (from the 
        time of the token’s creation). NICE inContact uses a value of 5184000 seconds 
        (60 days) for all Implicit Grant tokens 
resource_server_base_uri: 
        This is the base URI for calling all APIs and contains the name of the 
        cluster, represented by {cluster}, that your Buiness Unit is authorized 
        to use, based on the application and user identifiers supplied in the 
        authorization key. You must use this new base URI to use any of the 
        APIs with the access_token. 

Once you get the token response, you can use the token in any API call. Note that you will use the "resource_server_base_uri" value to make all API calls once you have a token. The difference is that this new URI will contain the cluster name where {cluster} represents the specific cluster your Business Unit is authorized to use. For example:

"https://api-{cluster}.incontact.com/inContactAPI/"

All of the NICE inContact API calls are RESTful and require the new base URI and an authorization header with a valid token:

Authorization: bearer {token}

For example, if you want to use the Admin API to retrieve a list of agents in your business unit, you would send an HTTPS request to the Agent List resource URI and include the API token as a "bearer Authorization" header:

"Agents" API REQUEST

Request URL: https://api-{cluster}.incontact.com/inContactAPI/services/v12.0/agents 
Request Method: GET
Request Headers: GET /InContactAPI/services/v12.0/agents HTTP/1.1
Host: api-{cluster}.incontact.com
Connection:  keep-alive
Content-Length: 65
Origin: http://myapp.example.com 
Authorization: bearer VAp4BUKosVW3DQa6mGVbF9gJVOCoi7fv7+Kp8piexdF24JjuwWeyi/ 
7jpU2YZVMwHIpfefuDsLFF144iMsJJeghS0uDMb+XO1wToISr8UswnFmlWDPiI2JuC5OlBLoRLNiG1nWfxkv
f2xg4vZ3TC5w5856I1u8oQsVx9j43xVEZJsuKR2TC3ydGNfkp+/xWu8ad67kRDcnqmV+/vi6fYVWwJWaeXO6
jFxJd8TYCVaYka1rf5uO065VKSuG++cq2I7y2zws/XEu8vwC95ZREXOr4UcgNqs+IIfl4IdNEqCBM= 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) 
        Chrome/23.0.1271.95 Safari/537.11 
Content-Type: application/json; charset=UTF-8 
Accept: application/json, text/javascript, */*; q=0.01 
Referer: http://myapp.example.com/mainPage 
Accept-Encoding: gzip,deflate,sdch 
Accept-Language: en-US,en;q=0.8 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 

When you retrieve a token from the Token Service, the token response contains a parameter called "expires_in" which indicates how long the token will last before it expires. This is one hour for Password and Client tokens and 60 days for Implicit tokens.

expires_in: 3600
or
expires_in: 5184000

You will also receive a "refresh_token" and "refresh_token_server_uri" that you should use to obtain a new token before your original token expires for Password and Client tokens. All refresh tokens expire in 7200 seconds or two hours from the original token grant.

A best practice is to use the refresh request 55 minutes after you receive the first token to get a new token that can be used for an additional 60 minutes. This way the user only needs to enter their credentials on startup and you do not need to store the information they enter anywhere in your application.

See sample code to use refresh tokens in step eight

grant_type: "refresh_token"
refresh_token: "PX3SnlieM0a22Ij2hGfIxg=="
refresh_token_server_uri: "https://api-{cluster}.incontact.com/InContactAuthorizationServer/Token"

NOTE: The Implicit token request does not return a refresh token. This is because the request requires the user to login directly to the NICE inContact Authorization server and grant access. The user will need to login in directly after the token expires in 60 days.

If you attempt to use a token that is expired in an API call, the API service will return an HTTPS status of "401 Unauthorized." If you get this response, simply request a new token using the same method that you used to retrieve the original token, and send the API request again with the new token.

Here are several examples of getting tokens using the three different "grant types":

Client Token

var result = {};
var application = "SuperWidgets";
var vendor = "WidgetsInc.com";
var applicationId = "ZWJkNWM0MzNiODQ5NDAyYmIyZGFhNDg3ZDEzZgJkYzc=";
var authCode = window.btoa(application + "@" + vendor + ":" + applicationId);
$.ajax({
    "url": 'https://api.incontact.com/InContactAuthorizationServer/Token',
    "type": 'post',
    "contentType": 'application/json',
    "dataType": 'json',
    "headers": {
        'Authorization': 'basic ' + authCode
    },
    "data": JSON.stringify({
        "grant_type": 'client_credentials',
        "scope": 'PatronApi'
    }),
    "success": function (resp) {
        result.access_token = resp.access_token;
        result.token_type = resp.token_type;
        result.resource_server_base_uri = resp.resource_server_base_uri;
    },
    "error": function (XMLHttpRequest, textStatus, errorThrown) {
        alert("Failed to retrieve token.\n" + XMLHttpRequest.status + ' ' 
            + XMLHttpRequest.statusText);
    }
});

Password Token

var result = {};
var application = "SuperWidget";
var vendor = "WidgetsInc.com";
var businessunit = "1234567890";
var user = "user@example.com";
var pass = "test123";
var authCode = window.btoa(application + "@" + vendor + ":" + businessunit);
$.ajax({
    "url": 'https://api.incontact.com/InContactAuthorizationServer/Token',
    "type": 'post',
    "contentType": 'application/json',
    "dataType": 'json',
    "headers": {
        'Authorization': 'basic ' + authCode
    },
    "data": JSON.stringify({
    "grant_type": 'password',
    "username": user,
    "password" : pass,
    "scope": 'AdminApi AgentApi AuthenticationApi PatronApi RealTimeApi'
    }),
    "success": function (resp) {
        result.access_token = resp.access_token;
        result.token_type = resp.token_type;
        result.resource_server_base_uri = resp.resource_server_base_uri;
        result.expires_in = resp.expires_in;
        result.refresh_token = resp.refresh_token;
        result.scope = resp.scope;
        result.refresh_token_server_uri = resp.refresh_token_server_uri;
    },
    "error": function (XMLHttpRequest, textStatus, errorThrown) {
        alert("Failed to retrieve token.\n" + XMLHttpRequest.status + ' ' 
            + XMLHttpRequest.statusText);
    }
});

Using the Refresh Token

var application = "appName";
var vendor = "vendor.example.com";
var businessunit = "1234567890";
var authCode = window.btoa(application + "@" + vendor + ":" + businessunit);
$.ajax({
    url: result.refresh_token_server_uri;
    type: "POST",
    contentType: "application/json",
    dataType: "json",
    data: JSON.stringify({
        "grant_type": "refresh_token",
        "refresh_token": result.refresh_token
    }),
    headers: {
        "Authorization": "basic " + authCode
    },
    success: function (data) {
        result.access_token = data.access_token;
        result.token_type = data.token_type;
        result.expires_in = data.expires_in;
        result.refresh_token = data.refresh_token;
        result.scope = data.scope;
        result.resource_server_base_uri = data.resource_server_base_uri;
        result.refresh_token_server_uri = data.refresh_token_server_uri;
    },
    error: function (xhr, status) {
        alert(xhr.status);
    }
});

Implicit Token

var result = {};
var implicitUri = "https://api.incontact.com/InContactAuthorizationServer/Authenticate";
var client_id = "SuperWidgets@WidgetsInc.com";
var token_scope = "RealTimeApi AdminApi AuthenticationApi PatronApi AgentApi";
var redirect_uri = "https://customapplication.superwidgets.com";
var state_object = "myState";
function RedirectToAuthPage() {
    var url = implicitUri;
    url = url + "?state=" + state_object;
    url = url + "&response_type=token";
    url = url + "&client_id=" + encodeURIComponent(client_id);
    url = url + "&redirect_uri=" + encodeURIComponent(redirect_uri);
    url = url + "&scope=" + encodeURIComponent(token_scope);

    window.location.href = url;
}
$(document).ready(function () {
    var query_string = {};
    var query = window.location.search.substring(1);
    var vars = query.split("&");
    for (var i=0; i < vars.length; i++) {
        var pair = vars[i].split("=");
        query_string[pair[0]] = pair[1];
    }
    if (typeof(query_string.access_token) != "undefined") {
        result.state = query_string.state;
        result.scope = query_string.scope;
        result.access_token = query_string.access_token;
        result.expires_in = query_string.expires_in;
        result.resource_server_base_uri = query_string.resource_server_base_uri;
        result.token_type = query_string.token_type;            
    }
});