Our public API uses the OAuth 2.0 Client Credentials Grant for authentication. This allows a server-to-server communication where the API consumer requests an access token using their client ID and secret.
Token endpoint
To obtain an access token, make a POST request to the token endpoint below:
POST /connect/token HTTP/1.1
Host: identity.coreview.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic base64(CLIENT_ID + ":" + CLIENT_SECRET)
grant_type=client_credentials&scope=SPACE_SEPARATED_SCOPESSample request
POST /connect/token HTTP/1.1
Host: identity.coreview.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic c2FtcGxlY2xpZW50aWQ6c2FtcGxlY2xpZW50c2VjcmV0Cg==
Content-Length: 173
grant_type=client_credentials&scope=delegation.read%20delegation.write%20operator.read%20operator.write%20platform.read%20licensepool.write%20licensepool.read%20license.readSample response
{
"access_token": "eyJhbGciOiJ...",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "delegation.read delegation.write license.read licensepool.read licensepool.write operator.read operator.write platform.read"
}Notes
- The access_token is a JSON Web Token (JWT) that can be used to authorize API requests.
- The token will expire after 3600 seconds (1 hour), after which a new token must be requested.
- Ensure your client ID and secret are kept confidential and stored securely.