Keys and Authentication
The Trulioo Platform API supports OAuth for enhanced security. OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications and mobile phones. Once you receive a Client ID and Client Secret for your Trulioo Platform API account, you're all set to request an access token.
Request for a Token
Use your Client ID and Client Secret to generate a bearer token by requesting the endpoint below. Make sure your request sets grant_type to client_credentials and the scope to workflow.studio.api. Scope represents the service you'd like to run against.
Method | Endpoint |
---|---|
POST | https://auth-api.trulioo.com/connect/token |
Token lifecycle
Tokens are time-sensitive and must be used before they expire. The token response also returns the token's lifetime in seconds in the ExpiresIn field, which is typically one hour.
Request
POST /connect/token HTTP/1.1
Host: auth-api-primary.dev.trulioo.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 150

grant_type=client_credentials&scope=workflow.studio.api&client_id=12345x2e0&client_secret=12345%3B
Response
{
  "Token": "authenticationtoken",
  "TokenType": "bearer",
  "ExpiresIn": 3599,
  "scope": "workflow.studio.api"
}
You can also find the expiration time within the token itself. The token's payload, encoded in base64, includes the expiration time under "exp", indicating the Epoch time when the token will expire.
If an expired token is used to call any endpoint that requires authentication, a 401 Unauthorized Error will be returned. Simply follow the token request steps again to obtain a new token.
Best Practices
Security
Always secure your API keys and tokens, and avoid hardcoding them in your codebase.
Logging and Monitoring
Implement logging for troubleshooting, and monitor API usage for optimization.
Token lifecycle
Generating a new token will not invalidate the previous token. Allow for buffer time while updating the token.
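The token request, lifecycle and best-practice points above, combined in one Python sketch; this is an added example, not Trulioo's own code. The environment variable names, the 60-second buffer, the helper names and the assumption that the token is three dot-separated segments with the payload second are all illustrative.

```python
import base64, json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://auth-api.trulioo.com/connect/token"  # endpoint from the table above
REFRESH_BUFFER = 60  # assumption: renew 60 s before the stated expiry


def token_exp(token):
    """Return the "exp" claim (Epoch seconds) from the token's payload segment."""
    payload = token.split(".")[1]         # assumption: header.payload.signature
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])


def fetch_token():
    """POST the client_credentials request; secrets come from the environment."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": "workflow.studio.api",
        "client_id": os.environ["TRULIOO_CLIENT_ID"],          # assumed variable name
        "client_secret": os.environ["TRULIOO_CLIENT_SECRET"],  # assumed variable name
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # never write this response to logs: it holds the token


class TokenCache:
    """Reuse a bearer token until it is within REFRESH_BUFFER seconds of expiry."""

    def __init__(self, fetch=fetch_token, clock=time.time):
        self._fetch, self._clock = fetch, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - REFRESH_BUFFER:
            data = self._fetch()
            self._token = data["Token"]
            self._expires_at = self._clock() + int(data["ExpiresIn"])
        return self._token

    def invalidate(self):
        """Call after a 401 Unauthorized so the next get() requests a new token."""
        self._token = None
```

Because a new token does not invalidate the previous one, requests already in flight with the old token keep working while the cache swaps in the new one.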