Authenticate a client

Authenticating with your client details to retrieve an access token using OAuth 2.0

Now that you have created a client when you want to perform an API request, you must first authenticate and receive an OpenCRVS access token. The token endpoint is OAuth 2.0 compliant.

Client access tokens are valid for a maximum of 10 minutes. After it expires you must authenticate again to retrieve a new access token.

You can use our Postman collections to test all client functionality. Postman is a tool you can download to test API access before building your integrations.

URL

POST https://auth.<your_domain>/token?client_id=<client_id>&client_secret=<client_secret>&grant_type=&grant_type=client_credentials

Request payload

Example URL

https://auth.<your_domain>/token?client_id=2fd153ab-86c8-45fb-990d-721140e46061&client_secret=8636abe2-affb-4238-8bff-200ed3652d1e&grant_type=&grant_type=client_credentials

Query parameter

Sample value

Description

Request Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp...",
}

The token is a JWT containing with the following structure and must be included as a header:Authorization: Bearer <token> in all future API requests. The content of an OpenCRVS access token looks like this:

Token Header

Parameter

Sample value

Description

Token Payload

PreviousCreate a client NextEvent Notification clients