OAuth 2.0 endpoints

The Authorization Server provides a set of endpoints that client apps can use for different operations during the OAuth flows. An authorization endpoint lets client apps initialize an OAuth flow. A token endpoint facilitates an exchange of an authorization code for access and refresh tokens. A revocation endpoint provides a way to revoke a refresh token.

The Authorization Server provides the following OAuth-related endpoints:

Authorization endpoint
https://oauth.akamai.com/v1/authorize
A client app may send a request to this endpoint to receive authorization to access a resource owner’s data residing on a resource server. This action initializes an OAuth flow.
Token endpoint
https://oauth.akamai.com/v1/token
This endpoint is only applicable to the authorization code grant flow. A client app may send an initial request to this endpoint to exchange an authorization code for access and refresh tokens. Subsequently, a client app may use this endpoint to exchange a refresh token for a new access token, when the current access token is expired.
Revocation endpoint
https://oauth.akamai.com/v1/revoke
This endpoint is currently only applicable to the authorization code grant flow where refresh tokens are present. A client app may send a request to this endpoint to revoke a refresh token that hasn’t expired but is no longer needed. A client app cannot use a revoked refresh token to obtain a new access token, but an access token that has already been issued via the revoked refresh token can still be used until its expiration.
JSON Web Key Set endpoint
https://oauth.akamai.com/.well-known/jwks.json
A client app may send a request to this endpoint to receive a set of public keys that you can use to verify the integrity of JWTs issued by the Authorization Server.

For more information on OAuth 2.0 endpoints, see RFC 6749 and RFC 7009.