Version: 4.0 (2026 H1)

Authentication

The primedocs Web API uses OAuth 2.0 with Bearer tokens for authentication. Clients must be registered in primedocs.config before they can obtain access tokens.

Overview

Authentication is handled via the Identity Server (IdS) included in the primedocs installation. After a client is registered, it can request an access token using the client_credentials grant type.

The access token must then be included in the Authorization header of all API calls:

Authorization: Bearer <access_token>

Client Registration

To register a client, add an entry to primedocs.config. See primedocs.config for details.

Token Request

Access tokens are requested from the token endpoint:

POST https://{instance}/ids/connect/token

The request body must include:

client_id — the registered client ID
client_secret — the client secret
grant_type — must be client_credentials
scope — the required scope (e.g., pd_AdminWebApi or pd_ConnectWebApi)

API Scopes

Scope	Description
`pd_AdminWebApi`	Access to the Admin API for administrative operations
`pd_ConnectWebApi`	Access to the Connect API and Connect Session API for document generation

Example

See the individual API pages for full PowerShell examples showing how to obtain and use access tokens:

Overview​

Client Registration​

Token Request​

API Scopes​

Example​

Overview

Client Registration

Token Request

API Scopes

Example