ShareFile OAuth Password Grant Type ================================== Configuration: ============== Subdomain: cazarin Client ID: CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw Client Secret: l1ua****Zjjk Username: david@cazarin.com Password: ******************* Token Request Details: ===================== URL: https://cazarin.sharefile.com/oauth/token Method: POST Content-Type: application/x-www-form-urlencoded Request Body: grant_type=password&username=david%40cazarin.com&password=if3w+ynzy+pfgx+i4dg&client_id=CwOHHD06vOwW4QlxPEYH4GULOhgoZLAw&client_secret=l1ua69h2mLoVmzgasRxq8H0F7SPXJedDYAqifLPFbLJkZjjk Response: ========= HTTP Code: 200 Verbose cURL Output: =================== * processing: https://cazarin.sharefile.com/oauth/token * Trying 76.223.1.166:443... * Connected to cazarin.sharefile.com (76.223.1.166) port 443 * ALPN: offers h2,http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: CN=*.sharefile.com * start date: Oct 5 00:00:00 2025 GMT * expire date: Nov 3 23:59:59 2026 GMT * subjectAltName: host "cazarin.sharefile.com" matched cert's "*.sharefile.com" * issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01 * SSL certificate verify ok. * using HTTP/2 * h2 [:method: POST] * h2 [:scheme: https] * h2 [:authority: cazarin.sharefile.com] * h2 [:path: /oauth/token] * h2 [content-type: application/x-www-form-urlencoded] * h2 [accept: application/json] * h2 [content-length: 183] * Using Stream ID: 1 > POST /oauth/token HTTP/2 Host: cazarin.sharefile.com Content-Type: application/x-www-form-urlencoded Accept: application/json Content-Length: 183 < HTTP/2 200 < date: Fri, 30 Jan 2026 15:29:06 GMT < content-type: application/json;charset=UTF-8 < content-length: 430 < set-cookie: AWSALBTG=X5PSYLJxdW+hQkoElI9umhsDT90rRjuvYHILajsyyNNV2R4U/Vy+96vhHEaxcaNT7BJVXtycIIGFjEH+5wapvh8sud+TNri2g70j0nLDQ9tH0cx8dyf4ar+0oNdXrSbTEeMjVKu4FW6bQ489XYOVC1qL9cYaVhuCggCyjIf4CZYP; Expires=Fri, 06 Feb 2026 15:29:05 GMT; Path=/ < set-cookie: AWSALBTGCORS=X5PSYLJxdW+hQkoElI9umhsDT90rRjuvYHILajsyyNNV2R4U/Vy+96vhHEaxcaNT7BJVXtycIIGFjEH+5wapvh8sud+TNri2g70j0nLDQ9tH0cx8dyf4ar+0oNdXrSbTEeMjVKu4FW6bQ489XYOVC1qL9cYaVhuCggCyjIf4CZYP; Expires=Fri, 06 Feb 2026 15:29:05 GMT; Path=/; SameSite=None; Secure < set-cookie: AWSALB=2I8vc7Xm9iorTmZ7sOoZLxNQx6fwpD/WbwHY96m4yBE9Jl4TuJV+5sYXHz9WJ1oqnky2zCnYxMsPzRT7RJnb1MFJa+XnmapRQdE+GuxLDC7vN/m6bnXQT8O0KwMS; Expires=Fri, 06 Feb 2026 15:29:05 GMT; Path=/ < set-cookie: AWSALBCORS=2I8vc7Xm9iorTmZ7sOoZLxNQx6fwpD/WbwHY96m4yBE9Jl4TuJV+5sYXHz9WJ1oqnky2zCnYxMsPzRT7RJnb1MFJa+XnmapRQdE+GuxLDC7vN/m6bnXQT8O0KwMS; Expires=Fri, 06 Feb 2026 15:29:05 GMT; Path=/; SameSite=None; Secure < cache-control: no-store, no-cache < expires: Thu, 29 Jan 2026 15:29:05 GMT < citrix-transactionid: 3bbcca90-3b80-46ee-b64f-9e21fcd8f7bc < correlationid: _a8qzT6Nkk6x6wIHheSxtA < x-content-type-options: nosniff < x-xss-protection: 1; mode=block < x-frame-options: DENY < x-robots-tag: noindex < x-sfapi-requestid: gneQaOsVnkuEMgmGQgxJRQ < * Connection #0 to host cazarin.sharefile.com left intact Response Body: ============== {"access_token":"rB3OiJ3sfZpOOf1l6cawDXnPhNb5iLwS$$wGwz6EQn4g5TI9SstMqvmI9VWkKEe0gO","refresh_token":"rB3OiJ3sfZpOOf1l6cawDXnPhNb5iLwS$$orHDkh00GDgaKzxXzovzNSrWSzf34DBqUzzW0B9R","token_type":"bearer","expires_in":28800,"appcp":"sharefile.com","apicp":"sf-api.com","subdomain":"cazarin","access_files_folders":true,"modify_files_folders":true,"admin_users":true,"admin_accounts":true,"change_my_settings":true,"web_app_login":true} ✅ SUCCESS: Token obtained! Access Token: rB3OiJ3sfZpOOf1l6caw... Token Type: bearer Expires In: 28800 seconds Refresh Token: rB3OiJ3sfZpOOf1l6caw... Subdomain: cazarin API Control Plane: sf-api.com Next Steps: =========== If this works, we can update the SimpleShareFileAPI.php to use this URL structure. If it fails, we may need to use the Authorization Code flow instead.