Authentication

Keys and Authentication

The Trulioo Platform API supports OAuth for enhanced security. OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications and mobile phones. Once you receive a Client ID and Client Secret for your Trulioo Platform API account, you're all set to request a token for access.

Request for a Token

Use your Client ID and Client Secret to generate a bearer token by requesting the endpoint below. Make sure your request sets grant_type to client_credentials and the scope to workflow.studio.api.

Token lifecycle

Tokens are time-sensitive and need to be used before they expire. The token response also returns the token's lifetime in seconds in the ExpiresIn field; a token typically lasts for one hour.

{
    "Token": "authenticationtoken",
    "TokenType": "bearer",
    "ExpiresIn": 3599
}

You can also find the expiration time within the token itself. The token's payload, encoded in base64, includes the expiration time under "exp", indicating the Epoch time when the token will expire.

If an expired token is used to call any endpoint that requires authentication, a 401 Unauthorized Error will be returned. Simply follow the token request steps again to obtain a new token.

Best Practices

Security
Always secure your API keys and tokens, and avoid hardcoding them in your codebase.

Logging and Monitoring
Implement logging for troubleshooting, and monitor API usage for optimization.

Token lifecycle
Generating a new token will not invalidate the previous token. Allow for buffer time while updating the token.
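
The "exp" lookup and the buffer-time advice above can be combined into one client-side check. The following is an added example, not Trulioo's code: it assumes the token is a JWT-style string (header.payload.signature, base64url-encoded), and the function names, the 300-second buffer and the sample token are all constructed for illustration.

```python
import base64
import json
import time
from typing import Optional

REFRESH_BUFFER_SECONDS = 300  # assumed buffer, not a value from the page


def token_expiry(token: str) -> int:
    """Return the "exp" claim (Epoch seconds) from the token's payload segment.
    The signature is NOT verified here: the value is only used to schedule a
    refresh, never to decide whether a token should be trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not in header.payload.signature form")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as err:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("token payload is not base64url-encoded JSON") from err
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError('token payload has no numeric "exp" claim')
    return int(exp)


def needs_refresh(token: str, now: Optional[float] = None,
                  buffer_seconds: int = REFRESH_BUFFER_SECONDS) -> bool:
    """True when the token has expired or will expire within the buffer."""
    now = time.time() if now is None else now
    return now >= token_expiry(token) - buffer_seconds


def _b64url(obj: dict) -> str:
    """Encode a dict the way a JWT segment is encoded (padding stripped)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token (not a real credential), lifetime 3599 s as in the
# response shown above.
ISSUED_AT = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"exp": ISSUED_AT + 3599}),
    "constructed-signature",
])
```

Request the new token once needs_refresh returns True and keep sending the previous one until the new one is stored, since the previous token remains usable until its own expiry.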