Authentication

OAuth 2.0 authentication endpoints

Get OAuth Access Token

POST /v1/oauth/token

OAuth 2.0 Client Credentials flow endpoint.

Two authentication methods are supported:

  1. Standard OAuth (client_secret):

    • Include client_secret in request body

    • No additional headers needed

  2. mTLS OAuth (RFC 8705 - certificate replaces secret):

    • Include X-Client-Cert header with base64-encoded certificate

    • Omit client_secret from request body

    • Certificate authenticates the client instead of secret

Token lifetime: 1 hour

Verification: Fast local JWT verification (<1ms)

Header parameters
X-Client-Cert · string · byte · Optional

For mTLS clients only (RFC 8705): Base64-encoded client certificate in PEM format.

When provided, the certificate replaces client_secret for authentication.

Example:

LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURE...

To encode your certificate:

base64 -w 0 client.crt
Body
grant_type · string · enum · Required

OAuth grant type (must be client_credentials)

Possible values: client_credentials

client_id · string · Required

Your OAuth client identifier

client_secret · string · Optional

Your OAuth client secret.

Required for standard OAuth clients. Omit for mTLS clients - certificate authenticates instead.

Responses
200

Access token issued successfully

application/json
access_token · string · Required

JWT access token (RS256 signed)

Example: eyJhbGciOiJSUzI1NiJ9...

token_type · string · enum · Required

Token type (always Bearer)

Possible values: Bearer

expires_in · integer · Required

Token lifetime in seconds (3600 = 1 hour)

Example: 3600
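
A client-side sketch of the two request shapes and the response checks described above, added here as an example and not taken from this API's documentation or SDK. The function names, SAMPLE_PEM and SAMPLE_TOKEN are constructed for illustration; the body is returned as a field dictionary because the page does not state the request encoding.

```python
import base64
import json
import time

# Constructed sample values, not real credentials.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMIIDconstructed\n-----END CERTIFICATE-----\n"
SAMPLE_TOKEN = "eyJhbGciOiJSUzI1NiJ9.e30.c2ln"  # header {"alg":"RS256"}, dummy payload/signature

def encode_cert_header(pem_text):
    """Single-line base64 of the PEM text, equivalent to `base64 -w 0 client.crt`."""
    if "-----BEGIN CERTIFICATE-----" not in pem_text:
        raise ValueError("expected a PEM certificate")
    if "PRIVATE KEY" in pem_text:
        raise ValueError("PEM contains a private key; send the certificate only")
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")

def build_token_request(client_id, client_secret=None, cert_pem=None):
    """Return (headers, body_fields) for POST /v1/oauth/token."""
    # Exactly one credential: a secret in the body, or a certificate in the header.
    if (client_secret is None) == (cert_pem is None):
        raise ValueError("supply exactly one of client_secret or cert_pem")
    headers = {}
    body = {"grant_type": "client_credentials", "client_id": client_id}
    if cert_pem is not None:
        headers["X-Client-Cert"] = encode_cert_header(cert_pem)  # client_secret omitted
    else:
        body["client_secret"] = client_secret  # no additional headers
    return headers, body

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_token_response(resp, now=None):
    """Check the documented 200 fields and return the absolute expiry (epoch seconds).
    This inspects the JWT header only; it does not verify the RS256 signature."""
    if resp.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    expires_in = resp.get("expires_in")
    if not isinstance(expires_in, int) or expires_in <= 0:
        raise ValueError("unexpected expires_in")
    parts = str(resp.get("access_token", "")).split(".")
    if len(parts) != 3:
        raise ValueError("access_token is not a three-part JWT")
    if json.loads(b64url_decode(parts[0])).get("alg") != "RS256":
        raise ValueError("access_token is not RS256-signed")
    return (time.time() if now is None else now) + expires_in
```
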