JWT Authentication Tokens can be easily generated via a simple API call. The request to the token exchange should contain 4 key value pairs in the request body:
| Key | Description |
|---|---|
| client_id: | Client ID provided by Riverty |
| client_secret: | Client Secret provided by Riverty |
| audience: | The audience defines which endpoints the token is to be used. Should always be set to https://api.horizonafs.io |
| grant_type: | Is the method your application can gain the access token. Should always be set to client_credentials |
The request should be sent using the header: Content-Type: application/x-www-form-urlencoded
curl --location 'https://identity.riverty.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ReplaceWithYourClientId' \
--data-urlencode 'client_secret=ReplaceWithYourClientSecret' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.horizonafs.io'
{
"access_token": "eyJh...",
"scope": "read_userprofile fullcontrol:user",
"expires_in": 86400,
"token_type": "Bearer"
}
The response body contains 4 properties:
| Key | Description |
|---|---|
| access_token: | is the JWT token which holds all of your privileges and access rights. Do not expose this externally. |
| scope: | is the permissions and access rights of the token |
| expires_in: | is how long the JWT is valid for in seconds |
| token_type: | is what kind of token the token is. In our responses it is specified Bearer which indicates that that you authenticate with a bearer token |
Every call to our API requires an access token in order to be authorized and API requests are rejected if no authentication is used.
curl -X 'GET' \
'https://api.riverty.io/subscription/v1/clients/your-client-id/subscriptions/subscription-id-1' \
-H 'Authorization: Bearer eyJh...'