eTrusted Control Centre

Authentication

Setup and Authentication

In order to authenticate you will need to create an API Client.

Your API credentials should include a client_id and a client_secret, with these credentials you should have access to the APIs.

Authentication

NOTE: For a more detailed guide on the authentication process please visit the authentication section of our API documentation.

Below is an example showing how you would authenticate using CURL:

curl --location --request POST 'https://login.etrusted.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={client_id}' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.etrusted.com'

Also, it's best to keep your {client_id} and {client_secret} away from prying eyes by authenticating on the server-side.

On a successful request, you get back a response payload similar to this:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJTVHpnYzZfTEM3ZHVnZkNoZVpoUzQyd0dNWVAyM0lBTUdkWGUtWTJrb3ZjIn0.eyJleHAiOjE2NDY5MDU2NjMsImlhdCI6MTY0NjkwNTM2MywianRpIjoiMDMzYmEzYTEtNzAxMS00YjUyLWI2MDUtODQ0OTQyMWQ4YzM0IiwiaXNzIjoiaHR0cHM6Ly9sb2dpbi1xYS5ldHJ1c3RlZC5jb20vYXV0aC9yZWFsbXMvYnVzaW5lc3MtUUEiLCJhdWQiOlsiYjJiLWN1c3RvbS1jbGllbnQiLCJhY2NvdW50Il0sInN1YiI6ImNmZTdiYjFiLWQ4YmMtNDQxNi05NGE2LTgwZjk1MGRkYThjNCIsInR5cCI6IkJlYXJlciIsImF6cCI6Ilhra2VkODRqdlVYb0N5RXFOTzUwUloyYThGeGw1U1NoS3V2M0NEYmciLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImIyYl91c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiYXJlYXMtYWxsb3dlZCI6WyJtYXJzIl0sImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50SG9zdCI6IjgzLjIyMi40OS43OSIsImNsaWVudElkIjoiWGtrZWQ4NGp2VVhvQ3lFcU5PNTBSWjJhOEZ4bDVTU2hLdXYzQ0RiZyIsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC14a2tlZDg0anZ1eG9jeWVxbm81MHJ6MmE4ZnhsNXNzaGt1djNjZGJnIiwiaWRlbnRpdHlSZWYiOiJpZG4tNGVkMzkwN2UtMmY4OC00OGY1LTk2NWYtNGZkNmYyNjQ1Y2RkIiwiY2xpZW50QWRkcmVzcyI6IjgzLjIyMi40OS43OSIsImVtYWlsIjoic2VydmljZS1hY2NvdW50LXhra2VkODRqdnV4b2N5ZXFubzUwcnoyYThmeGw1c3Noa3V2M2NkYmdAcGxhY2Vob2xkZXIub3JnIn0.dUuy0RXZjk0jyXH7X23JtJiID4ZYafVm1FPdh0Pv9xZHeZLQ1wn3xApwYr04IEhSZzcLWuTL0sJRrvXza24o4N8RkolBbfBiX1Vf_Dsj5YWczlhjd5yOsq-puvFW94-1XtjmFIvWWOV2zEraLYHxSc6UFvK6oCv99MvZecz_M1Hjo5-jHpwLWqVoC0d0v9rUhYcFT1ggw6aScO18CFpodz2P3851sZJj71Ldq7uq25y0IrNLXUabIPPCWZo5Cgfs_6NVIBB1L3y0ris8tXy0oZkg3CrdJT4O0QjEAwgpFl3RNNwwyGO7s4GKZCXfhfeHXkhzV8O29yoks-N-u22ljg",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 1642608920,
    "scope": "profile email"
}

In subsequent API calls, you need to include the access_token as a bearer token in the request header. For example, if you wanted to request the list of reviews it will look something like this: 

curl --location --request GET 'https://api.etrusted.com/reviews' \
--header 'Authorization: Bearer {access_token}'

What next?

Once you can generate the access_token, the concepts will be the next best place to visit. It is meant to provide a general overview of the APIs available.

You can also go ahead and explore the API documentation if you already have an idea in mind and just need the right call parameters!

To learn more about the key standards our authentication flow is based on check OAuth's official site and jwt.io.

Updated 8 months ago