Authentication

You will need:

Authentication across all APIs is based on OAuth2.

Therefore the authentication process is always in two stages:

  1. Call the authorisation server. Assuming secure machine-to-machine services, call it with the client ID and client secret via POST. Note that sending the client secret this way may raise security issues when the services are not secure.
  2. The authorisation server checks the credentials and returns an access token. Developers can use the access token for subsequent API calls until it expires.

Depending on the auth flow, the first call might also return a refresh token that can be used to obtain a new access token. If that is the case, use the refresh token instead of the regular credentials used in the first call.

[Figure 1.0: Authentication flow diagram, an illustration of the OAuth2 flow.]

Sample authentication code

As mentioned above, we need an access token to access all other endpoints. Below is a sample request using curl.


curl --location --request POST 'https://login.etrusted.com/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id={client_id}' \
  --data-urlencode 'client_secret={client_secret}' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'audience=https://api.etrusted.com'

    

Notes

  • {client_id}: replace this with your client ID.
  • {client_secret}: replace this with your client secret.

Authentication response

The response of the authorisation call contains an access token.


{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFueS1raWQtbnVtYmVyIn0.....aUENy65fluD21xNf-yfWadkEx8zSWADZA7JxdYURE4w",
    "expires_in": 36000,
    "token_type": "Bearer",
    "refresh_token":  "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFueS1raWQtbnVtYmVyIn0.eyJqdGkiOiIuLi4iLCJleHAiOjE1NjU1MjkyNDIsIm5iZiI6MCwiaWF0IjoxNTU3NzUzMjQyLCJpc3MiOiJodHRwczovL2xvZ2luLmV0cnVzdGVkLmNvbS9hdXRoL3JlYWxtcy9idXNpbmVzcyIsImF1ZCI6Imtub3duLWF1ZCIsInN1YiI6InN1Yi11dWlkIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6Imtub3duLWF1ZCIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6InN0YXRlLXV1aWQiLCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJteSIsInJvbGVzIl19fX0.XhlX-LKerNl0paTtHPfNmnMkHYbHbxbUeWR0IHYnOuc",
    "refresh_expires_in": 1800
}

    

Using your access token

With the access_token, you now have access to all endpoints within the granted access group. Throughout the rest of the documentation, you will find information on how to use this access_token. The access_token is valid for a limited time, which is specified in the expires_in field of the authentication response.

You will have to provide it in the headers of your request:


"Authorization" : "Bearer {access_token}"
"Content-Type" : "application/json"
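
The token lifecycle described above (request, reuse until expires_in, refresh, fall back to the client credentials) as an added Python example; it is not code from the original documentation. TokenCache, http_post_form and the 60-second skew are hypothetical names and values, and the refresh request fields follow RFC 6749 section 6 as an assumption, since the page does not show them.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.etrusted.com/oauth/token"  # from the curl sample
AUDIENCE = "https://api.etrusted.com"                 # from the curl sample


def http_post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the parsed JSON body."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds the tokens in memory and renews them shortly before expiry."""

    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=60):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._access_until = self._refresh_until = 0.0

    def _store(self, body):
        now = self._clock()
        self._access = body["access_token"]
        self._access_until = now + body["expires_in"] - self._skew
        self._refresh = body.get("refresh_token")
        self._refresh_until = now + body.get("refresh_expires_in", 0) - self._skew

    def access_token(self):
        now = self._clock()
        if self._access and now < self._access_until:
            return self._access  # still valid: no network call, secret not resent
        if self._refresh and now < self._refresh_until:
            # Assumed RFC 6749 section 6 refresh request; not shown on the page.
            fields = {"grant_type": "refresh_token", "client_id": self._id,
                      "refresh_token": self._refresh}
        else:
            fields = {"grant_type": "client_credentials", "client_id": self._id,
                      "client_secret": self._secret, "audience": AUDIENCE}
        self._store(self._post(TOKEN_URL, fields))
        return self._access

    def headers(self):
        return {"Authorization": f"Bearer {self.access_token()}",
                "Content-Type": "application/json"}
```

With the values in the sample response (expires_in 36000, refresh_expires_in 1800) the refresh token expires before the access token, so this cache would fall back to the client credentials. Load the client secret from a secret store or environment variable rather than hard-coding it.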

    
