Client Credentials Authentication

Client credentials authentication allows API clients to authenticate using client credentials (client_id and client_secret). This method is used for server-to-server authentication.

Generate Client Auth Token

Generate an authentication token for API clients.

Endpoint

POST /generate-client-auth-token

Request Body

{
  client_id: string;
  client_secret: string;
  fingerprint: string;
  user: {
    first_name: string;
    last_name: string;
    date_of_birth?: string;
    email?: string;
    phone?: string;
    uid?: string;
    eid?: string;
    group_name?: string; // Required if not in root
  };
}

Example Request

curl -X POST https://api.example.com/generate-client-auth-token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your-client-id",
    "client_secret": "your-client-secret",
    "fingerprint": "device-fingerprint-123",
    "user": {
      "first_name": "John",
      "last_name": "Doe",
      "date_of_birth": "1990-01-15",
      "email": "john.doe@example.com",
      "group_name": "my-group"
    }
  }'

Success Response

{
  status: 200;
  data: {
    auth_token: string; // JWT auth token
  };
}

Error Responses

Missing Required Fields

{
  status: 400;
  data: {};
  message: "Missing required fields: client_id, client_secret, fingerprint, user";
}

Missing User Fields

{
  status: 400;
  data: {};
  message: "Missing required user fields: first_name, last_name";
}

Missing User Identifier

{
  status: 400;
  data: {};
  message: "Missing required user fields: date_of_birth or email or uid";
}

Invalid Client Credentials

{
  status: 401;
  data: {};
  message: "Invalid client credentials";
}

Required Fields

Always Required

  • client_id - Client identifier
  • client_secret - Client secret
  • fingerprint - Device/client identifier
  • user - User object

User Object Required Fields

  • first_name - User's first name
  • last_name - User's last name
  • At least one of:
    • date_of_birth - User's date of birth
    • email - User's email address
    • uid or eid - User unique identifier

Optional User Fields

  • phone - User's phone number
  • group_name - Tenant/group identifier (required if not in root)

Next Steps

After receiving an auth token:

  1. Use it for authenticated API requests
  2. Store the token securely on the client side
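
The request rules and responses documented above, as an added example that is not part of the original documentation: a JavaScript client that checks the documented required fields before sending, takes the credentials from environment variables rather than source code or command-line arguments, and extracts auth_token from the response. The function names, the API_CLIENT_ID and API_CLIENT_SECRET variable names, and the assumption that the HTTP status matches the status field in the body are illustrative assumptions.

```javascript
// Added example (not the API vendor's code); function names are hypothetical.
const IDENTIFIERS = ["date_of_birth", "email", "uid", "eid"];
const isSet = (v) => typeof v === "string" && v.trim() !== "";

// Mirrors the documented 400 checks locally; returns a list of problems.
function validateTokenRequest(body) {
  const top = ["client_id", "client_secret", "fingerprint"].filter((k) => !isSet(body[k]));
  if (!body.user || typeof body.user !== "object") top.push("user");
  if (top.length) return [`Missing required fields: ${top.join(", ")}`];
  const errors = [];
  const names = ["first_name", "last_name"].filter((k) => !isSet(body.user[k]));
  if (names.length) errors.push(`Missing required user fields: ${names.join(", ")}`);
  if (!IDENTIFIERS.some((k) => isSet(body.user[k]))) {
    errors.push(`Missing user identifier: one of ${IDENTIFIERS.join(", ")}`);
  }
  return errors;
}

// Credentials come from the environment (assumed variable names), so the
// secret is not hard-coded and does not show up in a process listing.
function buildTokenRequest(env, fingerprint, user) {
  const body = {
    client_id: env.API_CLIENT_ID,
    client_secret: env.API_CLIENT_SECRET,
    fingerprint,
    user,
  };
  const errors = validateTokenRequest(body);
  if (errors.length) throw new Error(errors.join("; ")); // field names only
  return body;
}

// Sends the request; assumes the HTTP status matches the body's status field.
async function requestAuthToken(baseUrl, body) {
  const res = await fetch(new URL("/generate-client-auth-token", baseUrl), {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
  const payload = await res.json().catch(() => ({}));
  if (!res.ok || !payload.data || !isSet(payload.data.auth_token)) {
    // Report the server's message only; never echo the request body.
    throw new Error(`Token request failed (${res.status}): ${payload.message ?? "no message"}`);
  }
  return payload.data.auth_token;
}
```

The group_name rule ("required if not in root") is not checked locally because the client cannot tell from the request alone whether it is in the root group.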