Authenticate a client
Authenticating with your client details to retrieve an access token
Now that you have created a client, when you want to perform an API request, you must first authenticate and recieve an OpenCRVS access token.
Client access tokens are valid for a maximum of 10 minutes. After it expires you must authenticate again to retrieve a new access token.
You can use our Postman collections to test all client functionality. Postman is a tool you can download to test API access before building your integrations.
URL
POST https://auth.<your_domain>/authenticateSystemClient
Example json
{
"client_id": "2fd153ab-86c8-45fb-990d-721140e46061",
"client_secret": "8636abe2-affb-4238-8bff-200ed3652d1e"
}
Parameter | Sample value | Description |
---|---|---|
client_id | 2fd153ab-86c8-45fb-990d-721140e46061 | The client id used in the authentication process for system clients. |
client_secret | 8636abe2-affb-4238-8bff-200ed3652d1e | The client secret used in the authentication process for system clients. |
{
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp...",
}
The token is a JWT containing with the following structure and must be included as a header:
Authorization: Bearer <token>
in all future API requests. The content of an OpenCRVS access token looks like this:Parameter | Sample value | Description |
---|---|---|
alg | RS256 | Signing algorithm. |
typ | JWT | This value is always JWT . |
Parameter | Sample value | Description |
---|---|---|
scope | ['recordsearch'] | An array of OpenCRVS roles for authorization permissions to access. These are defined as a feature of the OpenCRVS core. Approved scopes are health , nationalId , ageCheck . If you require a new scope, please open a feature request |
iat | 1593712289 | When the JWT was created. |
exp | 1594317089 | When the JWT expires - For clients this is set to 10 minutes by default, but this is configurable in the resources package. |
aud | ['opencrvs.auth'] | An array of services that will respond to this JWT. |
iss | 'opencrvs.auth' | The issuing service of the JWT. |
sub | '5ee75eb2104ccf88d9ac0c3d' | A unique client id in our database. |
Last modified 23d ago