Workflow Studio Authentication
Keys and Authentication
The Trulioo Platform API supports OAuth for enhanced security. Once you create a Client ID and Client Secret for your Trulioo Platform API account, you're all set to request a token for access.
Request for a Token
You can make a request to our Token endpoint to retrieve a token. Use your Client ID and Client Secret to generate a bearer token through a call to the following endpoint - https://auth-api.trulioo.com/connect/token.
Make sure your request sets grant_type to client_credentials and the scope to workflow.studio.api.
curl --location --request POST '://auth-api.trulioo.com/connect/token'\
--header 'Content-Type: application/x-www-form-urlencoded'
--data-raw '{
"client_id": "clientid",
"client_secret": "clientsecret",
"grant_type": "client_credentials",
"scope": "workflow.studio.api"
}'
var options = {
'method': 'POST',
'url': 'https://auth-api.trulioo.com/connect/token',
'headers': {
'Content-Type': 'application/x-www-form-urlencoded'
body: JSON.stringify({
"ClientId":"clientid",
"ClientSecret":"clientsecret"})
};
},
JSON.stringify({
"ClientId":"clientid",
"ClientSecret":"clientsecret"
});
xhr.open("POST","https://auth-api.trulioo.com/connect/token");
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.send(data);
request = Net::HTTP::Post.new("https://auth-api.trulioo.com/connect/token")
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "{\n\t\"ClientId\": \"clientid\",\n\t\"ClientSecret\": \"clientsecret\"\n}": "clientsecret"
}"
response = https.request(request)
url = "https://auth-api.trulioo.com/connect/token"
payload = "{\n\t\"ClientId\": \"clientid\",\n\t\"ClientSecret\": \"clientsecret\"\n}"
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data = payload)
Token Expiration
Tokens are time-sensitive and must be used before they expire. A token request will also return its lifetime in seconds under the ExpiresIn field which typically lasts for one hour.
{
"Token": "authenticationtoken",
"TokenType": "bearer",
"ExpiresIn": 3599
}
You can also find the expiration time within the token itself. The token's payload, encoded in base64, includes the expiration time under "exp", indicating the Epoch time when the token will expire.
If an expired token is used to call any endpoint that requires authentication, a 401 Unauthorized Error will be returned. Simply follow the token request steps again to obtain a new token.
Using the API
Trulioo recommends adding your token to the header of any authenticated API requests. This makes sure your requests are properly authenticated and can access the necessary resources or actions in the Trulioo Platform API.
curl --location --request GET 'url' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer authenticationtoken' \
var request = require('request');
var options = {
'method': 'GET',
'url': 'url',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer authenticationtoken'
}
};
xhr.withCredentials = true;
xhr.open("GET", "url");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Authorization", "Bearer authenticationtoken");
xhr.send(data);
request = Net::HTTP::Get.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer authenticationtoken"
response = https.request(request)
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer authenticationtoken'
}
response = requests.request("GET", url, headers=headers, data = payload)
Updated 9 days ago