© 2018 Capita Business Services Ltd. All rights reserved.

Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.

Token Endpoint

The token endpoint can be used to programmatically request or refresh tokens (resource owner password credential flow, authorisation code flow, client credentials flow and custom grant types).

Supported Parameters

  • grant_type (required)
    • authorization_code, client_credentials, password, refresh_token or custom
  • scope (required for all grant types besides refresh_token and code)
  • redirect_uri (required for code grant type)
  • code (required for code grant)
  • code_verifier (required when using proof keys)
  • username (required for password grant type)
    password (required for password grant_type)
  • acr_values (allowed for password grant type to pass additional information to user service)
    • idp:name_of_idp bypasses the login screen and forwards the user directly to the selected external identity provider if configured for the client. For example, using idp:Microsoft for configured clients will forward the user directly to Microsoft Account for external authentication into SIMS ID.
  • refresh_token (required for refresh token grant)
  • client_id (either in the post body, or as a basic authentication header)
  • client_secret (either in the post body, or as a basic authentication header)


All requests to the token endpoint must be authenticated - either pass client id and secret via Basic Authentication or add client_id and client_secret fields to the POST body.

When providing the client_id and client_secret in the Authorization header it is expected to be in the format of client_id:client_secret and then Base64 encoded.

c# Example:

var clientId = "YOUR_CLIENT_ID";
var clientSecret = "YOUR_CLIENT_SECRET";

var encoding = Encoding.UTF8;
var credentials = string.Format("{0}:{1}", clientId, clientSecret);

var headerValue = Convert.ToBase64String(encoding.GetBytes(credentials));


(Form-encoding removed and line breaks added for readability)

POST /connect/token
Authorization: Basic abcxyz


Register as a Technical Integrator

Click Here to register

Capita DeX Web-Based API RESOURCES

Related resources for Capita DeX Web-Based API