Authenticate a client

Authenticating with your client details to retrieve an access token

Now that you have created a client, when you want to perform an API request, you must first authenticate and recieve an OpenCRVS access token.
Client access tokens are valid for a maximum of 10 minutes.  After it expires you must authenticate again to retrieve a new access token.
You can use our Postman collections to test all client functionality. Postman is a tool you can download to test API access before building your integrations.
URL
POST https://auth.<your_domain>/authenticateSystemClient
Request payload
Example json
{
    "client_id": "2fd153ab-86c8-45fb-990d-721140e46061",
    "client_secret": "8636abe2-affb-4238-8bff-200ed3652d1e"
}
Parameter
Sample value
Description
client_id
2fd153ab-86c8-45fb-990d-721140e46061
The client id used in the authentication process for system clients.
client_secret
8636abe2-affb-4238-8bff-200ed3652d1e
The client secret used in the authentication process for system clients.
Request Response
{
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp...",
}
The token is a JWT containing with the following structure and must be included as a header:Authorization: Bearer <token> in all future API requests. The content of an OpenCRVS access token looks like this:
Token Header
Parameter
Sample value
Description
alg
RS256
Signing algorithm.
typ
JWT
This value is always JWT.
Token Payload
Parameter
Sample value
Description
scope
['recordsearch']
An array of OpenCRVS roles for authorization permissions to access. These are defined as a feature of the OpenCRVS core. Approved scopes are health, nationalId, ageCheck. If you require a new scope, please open a feature request
iat
1593712289
When the JWT was created.
exp
1594317089
When the JWT expires - For clients this is set to 10 minutes by default, but this is configurable in the resources package.
aud
['opencrvs.auth']
An array of services that will respond to this JWT.
iss
'opencrvs.auth'
The issuing service of the JWT.
sub
'5ee75eb2104ccf88d9ac0c3d'
A unique client id in our database.

Parameter	Sample value	Description
`client_id`	`2fd153ab-86c8-45fb-990d-721140e46061`	The client id used in the authentication process for system clients.
`client_secret`	`8636abe2-affb-4238-8bff-200ed3652d1e`	The client secret used in the authentication process for system clients.

Parameter	Sample value	Description
`alg`	`RS256`	Signing algorithm.
`typ`	`JWT`	This value is always `JWT`.

Parameter	Sample value	Description
`scope`	`['recordsearch']`	An array of OpenCRVS roles for authorization permissions to access. These are defined as a feature of the OpenCRVS core. Approved scopes are `health`, `nationalId`, `ageCheck`. If you require a new scope, please open a feature request
`iat`	`1593712289`	When the JWT was created.
`exp`	`1594317089`	When the JWT expires - For clients this is set to 10 minutes by default, but this is configurable in the resources package.
`aud`	`['opencrvs.auth']`	An array of services that will respond to this JWT.
`iss`	`'opencrvs.auth'`	The issuing service of the JWT.
`sub`	`'5ee75eb2104ccf88d9ac0c3d'`	A unique client id in our database.

Create a client

Event Notification clients

Last modified 23d ago