Authentication

POST /v4/auth/token

Purpose:
Authenticates API clients and generates OAuth 2.0 Bearer tokens for authorized platform access.

This endpoint serves as the entry point for all platform interactions, implementing the OAuth 2.0 client credentials flow to verify partner identity and establish secure sessions. Partners submit their client credentials (client ID and secret) along with requested access scopes, and receive a JWT Bearer token that must be included in all subsequent API requests. The endpoint validates credentials against the partner registry, applies appropriate access permissions based on partner agreements, and generates tokens with configurable expiration times.

The authentication process includes comprehensive logging for security monitoring and supports various token scopes that limit access to specific platform functionality based on partner agreements and compliance requirements. This centralized authentication approach ensures consistent security across all platform services while enabling granular access control and audit capabilities essential for enterprise operations.

curl -X POST https://api.rc.saas.bolttech.asia/v4/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "partner_client_12345",
    "client_secret": "sk_prod_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
    "grant_type": "client_credentials",
    "scope": "openid"
  }'

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJwYXJ0bmVyX...",
  "token_type": "bearer",
  "expires_in": 3600,
  "scope": "openid"
}

Notes

  • grant_type: Only client_credentials is supported.
  • scope: Defines access to platform services (e.g., openid, policies:read).
  • expires_in: Default 3600 seconds (1h), configurable per partner.
  • Security: Full request and response logging for audit & compliance.
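
A client-side sketch of this flow, added here as an example (not code from the platform or its SDK): it requests a token with the fields shown above, caches it until shortly before expires_in elapses, and rejects a response whose scope is narrower than requested. TokenClient, the post and clock parameters, the 60-second skew, space-delimited scopes and the Authorization: Bearer header are assumptions; the page only says the token must be included in subsequent requests.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://api.rc.saas.bolttech.asia/v4/auth/token"  # from the curl example


def http_post_json(url, body):
    """Default transport: POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenClient:
    """Fetches and caches a Bearer token (hypothetical helper, not a platform SDK)."""

    def __init__(self, client_id, client_secret, scope="openid",
                 post=http_post_json, clock=time.monotonic, skew=60):
        self._body = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials", "scope": scope}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def __repr__(self):
        # Keep the secret and token out of logs and tracebacks that call repr().
        return f"TokenClient(client_id={self._body['client_id']!r}, secret=<redacted>)"

    def token(self):
        """Return the cached token, re-authenticating `skew` seconds before expiry."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._post(TOKEN_URL, self._body)
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            # Assumption: multiple scopes are space-delimited, as in OAuth 2.0.
            granted = set(resp.get("scope", "").split())
            if not set(self._body["scope"].split()) <= granted:
                raise PermissionError("token does not carry the requested scope")
            self._token = resp["access_token"]
            # expires_in is configurable per partner, so read it from the response.
            self._expires_at = self._clock() + int(resp["expires_in"])
        return self._token

    def auth_header(self):
        """Header for subsequent API requests (assumed standard Bearer scheme)."""
        return {"Authorization": f"Bearer {self.token()}"}
```

In real use, load client_secret from a secret store or environment variable rather than source code, and pass only client_id to application logs.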