Token-Based Authentication

Users can integrate their public APIs with the help of token-based authentication.

Prerequisites

  • Create an OIDC client. For information on creating an OIDC client, see Create OIDC Client.

  • Get Access Token

Get Access Token

To get an access token, follow the industry-standard client credentials flow, as detailed below:

Authentication

The OIDC client creation API response returns a client_id and a client_secret, which must be passed to the /oauth2/token API to get the access token.

HTTP Method

POST

Request URI

curl --location --request POST 'https://<host>/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <Base64-encoded string of client_id:client_secret>' \
--data-urlencode 'grant_type=client_credentials'

Response

{
"access_token": "<token>",
"token_type": "Bearer",
"expires_in": 3599
}

How to access public APIs using Access Token?

To access public APIs, pass the access_token in the Authorization header as a Bearer token, as shown below:

curl --location --request POST 'url' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <access_token>' \
--data-raw '{
"accountGuid":"1181cdec-f141-4de3-b71a-36fc26ab9a4a" }'
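The two requests above, combined into a client that reuses the token until shortly before expires_in elapses. This is an added example, not code from the product; the names basic_auth_header, request_token and TokenCache and the 60-second refresh margin are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def basic_auth_header(client_id, client_secret):
    """Value for 'Authorization: Basic base64(client_id:client_secret)'."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def request_token(token_url, client_id, client_secret):
    """POST grant_type=client_credentials; return the parsed JSON response."""
    req = urllib.request.Request(
        token_url,  # e.g. https://<host>/oauth2/token
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": basic_auth_header(client_id, client_secret),
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse one access token until shortly before expires_in elapses."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        # skew (seconds) is an assumed safety margin, not a value from the page
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._fetch()
            token = body.get("access_token")
            if not token or str(body.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token response")  # never log the body
            lifetime = max(int(body.get("expires_in", 0)) - self._skew, 0)
            self._token, self._expires_at = token, self._clock() + lifetime
        return {"Authorization": f"Bearer {self._token}"}
```

Build the cache with a fetch callable that wraps request_token, and read client_secret from a secret store or environment variable rather than from source code.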