ShareFile OAuth Password Grant Type ================================== Configuration: ============== Subdomain: cazarin Client ID: CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw Client Secret: l1ua****Zjjk Username: david@cazarin.com Password: ******************* Token Request Details: ===================== URL: https://cazarin.sharefile.com/oauth/token Method: POST Content-Type: application/x-www-form-urlencoded Request Body: grant_type=password&username=david%40cazarin.com&password=if3w+ynzy+pfgx+i4dg&client_id=CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw&client_secret=l1ua69h2mLoVmzgasRxq8H0F7SPXJedDYAqifLPFbLJkZjjk Response: ========= HTTP Code: 200 Verbose cURL Output: =================== * processing: https://cazarin.sharefile.com/oauth/token * Trying 76.223.1.166:443... * Connected to cazarin.sharefile.com (76.223.1.166) port 443 * ALPN: offers h2,http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: CN=*.sharefile.com * start date: Oct 5 00:00:00 2025 GMT * expire date: Nov 3 23:59:59 2026 GMT * subjectAltName: host "cazarin.sharefile.com" matched cert's "*.sharefile.com" * issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01 * SSL certificate verify ok. * using HTTP/2 * h2 [:method: POST] * h2 [:scheme: https] * h2 [:authority: cazarin.sharefile.com] * h2 [:path: /oauth/token] * h2 [content-type: application/x-www-form-urlencoded] * h2 [accept: application/json] * h2 [content-length: 183] * Using Stream ID: 1 > POST /oauth/token HTTP/2 Host: cazarin.sharefile.com Content-Type: application/x-www-form-urlencoded Accept: application/json Content-Length: 183 < HTTP/2 200 < date: Fri, 30 Jan 2026 15:30:15 GMT < content-type: application/json;charset=UTF-8 < content-length: 430 < set-cookie: AWSALBTG=ko6YtIg5QtKYNlLeyvPb7HEc+K7sxC+jhInN+2G41QxbvPUhuDo/c0cPyne1+to64keXo9PpCQIF7+Kt2L+ISPhSM/mjJZWtOI08OBsflTk2l/pfYtYeu5nGfLGHycZ+CcTpJ9HTkgKWkniBB2CvVr7lRzjqg/oIZGaoNaZsvDww; Expires=Fri, 06 Feb 2026 15:30:15 GMT; Path=/ < set-cookie: AWSALBTGCORS=ko6YtIg5QtKYNlLeyvPb7HEc+K7sxC+jhInN+2G41QxbvPUhuDo/c0cPyne1+to64keXo9PpCQIF7+Kt2L+ISPhSM/mjJZWtOI08OBsflTk2l/pfYtYeu5nGfLGHycZ+CcTpJ9HTkgKWkniBB2CvVr7lRzjqg/oIZGaoNaZsvDww; Expires=Fri, 06 Feb 2026 15:30:15 GMT; Path=/; SameSite=None; Secure < set-cookie: AWSALB=Vyj6HYXVT9lalKLhs+uwJVNV4ZwHyhp9GI2X1SE4JYT71QFD1YCWEv3s9iQv6HWfOZgEX46QNy0DiSjbCGhOmxQs2CMmgSpTOf6kAkzcQhCx9uicVGN9ilyg2vxb; Expires=Fri, 06 Feb 2026 15:30:15 GMT; Path=/ < set-cookie: AWSALBCORS=Vyj6HYXVT9lalKLhs+uwJVNV4ZwHyhp9GI2X1SE4JYT71QFD1YCWEv3s9iQv6HWfOZgEX46QNy0DiSjbCGhOmxQs2CMmgSpTOf6kAkzcQhCx9uicVGN9ilyg2vxb; Expires=Fri, 06 Feb 2026 15:30:15 GMT; Path=/; SameSite=None; Secure < cache-control: no-store, no-cache < expires: Thu, 29 Jan 2026 15:30:15 GMT < citrix-transactionid: 914b9ab2-e229-4375-a074-d05189667c3a < correlationid: -7v96zNmzEyu3K2Bx0-RUg < x-content-type-options: nosniff < x-xss-protection: 1; mode=block < x-frame-options: DENY < x-robots-tag: noindex < x-sfapi-requestid: 4D-EBhBxRUWu1v8-SWPfkA < * Connection #0 to host cazarin.sharefile.com left intact Response Body: ============== {"access_token":"yQtfP47BHkBRrElKbpC6UmzbEk37KYiO$$MbxAVnrJWYtP3C0WG4eUEQrkxOrEm6B6","refresh_token":"yQtfP47BHkBRrElKbpC6UmzbEk37KYiO$$Scs9J8Y4jFK5UmNCLpcYxLJXPzBYa7fqAbpFco9z","token_type":"bearer","expires_in":28800,"appcp":"sharefile.com","apicp":"sf-api.com","subdomain":"cazarin","access_files_folders":true,"modify_files_folders":true,"admin_users":true,"admin_accounts":true,"change_my_settings":true,"web_app_login":true} ✅ SUCCESS: Token obtained! Access Token: yQtfP47BHkBRrElKbpC6... Token Type: bearer Expires In: 28800 seconds Refresh Token: yQtfP47BHkBRrElKbpC6... Subdomain: cazarin API Control Plane: sf-api.com Next Steps: =========== If this works, we can update the SimpleShareFileAPI.php to use this URL structure. If it fails, we may need to use the Authorization Code flow instead.