The Trulioo Platform API V3 uses OAuth 2.0.
- You will need a Client Id and Secret to generate a token. (The Client Id and Client Secret can be provided by your respective Customer Success Manager within Trulioo)
- With this Client Id and Secret a user can generate a bearer token. The API takes in the bearer token generated from api credentials with Identity Server. See below for more details.
- You can now use the bearer token for any request to API.
See Test Authentication API reference for more examples.
Requesting a token
Using your Client Id and Client Secret you can generate a bearer token by calling the following endpoint - https://auth-api.trulioo.com/connect/token. Set the grant_type as client_credentials and scope as napi.api.
Request
POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded
client_id=client1&
client_secret=secret&
grant_type=client_credentials&
scope=napi.api
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "Eqb2qTGG9MV27k-10HH-wOtrOCZ0guooRJVw30z4QOc0194v3MC3-IwGtSXOeqS45IbElWSXKofdeypCPoVJ9A845VLD6B7Hj5Us9QTDSeFcNsPiTrYKobY12c8Zeq8BF632QnFOFXg4mvcyVz8a6WhkrhUOn5oV7X6sHvOfVeF1_B734O-ECYEAKwwj0TidYm1gnQ",
"expires_in": 1800,
"token_type": "Bearer",
"scope": "napi.api"
}
If your client_id or client_secret is wrong, you will see:
HTTP/1.1 400 BAD REQUEST
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error": "invalid_client"
}
If provided grant_type is wrong, you will see:
HTTP/1.1 400 BAD REQUEST
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error": "unsupported_grant_type"
}