Authentication

Our APIs require an access token issued by our OAuth server. You can generate a new access token by using the client_credentials grant type. The response will include an access token.

OAuth2 with bearer token

The recommended way to authenticate with our services is by using OAuth2.

  • grant_type (string, required)
    Method of authentication. This will usually be either client_credentials or password.

  • client_id (string, required)
    ID of the client you wish to authenticate against. Each platform will have its own client.

  • client_secret (string, required)
    The secret password that will verify we own the client. This should be passed in as a plain text string.

  • scope (string, required)
    A space-separated list of scopes to attach to the token.

Request

POST /oauth/token
curl \
  --location \
  --request POST 'https://auth.itccompliance.co.uk/oauth/token' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "grant_type": "client_credentials",
    "client_id": "example-service-client-id",
    "client_secret": "example-secret",
    "scope": "scope-a scope-b"
  }'

Response

{
  "token_type": "Bearer",
  "expires_in": "31536000",
  "access_token": "jwt.access.token"
}

Always keep your token safe and revoke it if you suspect it has been compromised.
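
An added example, not part of the original documentation or the provider's own code: a small Python client for the request above that holds the token in memory only, refreshes it shortly before expiry, and coerces the string-valued expires_in from the sample response. The names TokenCache, build_request, parse_response, the transport parameter and the 60-second skew are assumptions of this sketch.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://auth.itccompliance.co.uk/oauth/token"  # endpoint from the page

def build_request(client_id, client_secret, scopes):
    """Build the POST /oauth/token request; the secret travels only in the HTTPS body."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # space-separated list, as documented
    }).encode()
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")

def send(request):
    """Default transport: a real HTTPS call with certificate verification left on."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read()

def parse_response(raw, now):
    """Validate the token response and turn expires_in into an absolute expiry."""
    data = json.loads(raw)
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    # The sample response carries expires_in as a string, so coerce it to int.
    return {"access_token": data["access_token"], "expires_at": now + int(data["expires_in"])}

class TokenCache:
    """Hold the token in memory only and refresh shortly before it expires."""
    def __init__(self, client_id, client_secret, scopes, transport=send, skew=60):
        self._args = (client_id, client_secret, scopes)
        self._transport, self._skew, self._token = transport, skew, None

    def auth_header(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._token["expires_at"] - self._skew:
            self._token = parse_response(self._transport(build_request(*self._args)), now)
        return {"Authorization": "Bearer " + self._token["access_token"]}

    def __repr__(self):  # keep the secret and the token out of logs and tracebacks
        return "TokenCache(client_id=%r)" % self._args[0]
```

Load client_id and client_secret from the environment or a secret manager at start-up rather than from source code, and pass the dictionary returned by auth_header() as request headers.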