Authentication

The GlobalGateway API V3 uses OAuth 2.0.

  • You will need a Client Id and Secret to generate a token. (The Client Id and Client Secret can be provided by your respective Customer Success Manager within Trulioo)
  • With this Client Id and Secret a user can generate a bearer token. The API takes in the bearer token generated from api credentials with Identity Server. See below for more details.
  • You can now use the bearer token for any request to API.

See Test Authentication API reference for more examples.

Requesting a token

Using your Client Id and Client Secret you can generate a bearer token by calling the following endpoint - https://auth-api.trulioo.com/connect/token. Set the grant_type as client_credentials.

Request

POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded

    client_id=client1&
    client_secret=secret&
    grant_type=client_credentials

Response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  	"access_token": "Eqb2qTGG9MV27k-10HH-wOtrOCZ0guooRJVw30z4QOc0194v3MC3-IwGtSXOeqS45IbElWSXKofdeypCPoVJ9A845VLD6B7Hj5Us9QTDSeFcNsPiTrYKobY12c8Zeq8BF632QnFOFXg4mvcyVz8a6WhkrhUOn5oV7X6sHvOfVeF1_B734O-ECYEAKwwj0TidYm1gnQ",
  	"expires_in": 1800,
  	"token_type": "Bearer",
  	"scope": “napi.api”
}

If your client_id or client_secret is wrong, you will see:

HTTP/1.1 400 BAD REQUEST
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
	"error": “invalid_client”
}

If provided grant_type is wrong, you will see:

HTTP/1.1 400 BAD REQUEST
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
	"error": “unsupported_grant_type”
}