Generate Authentication Tokens

This page details how to generate an access token in the API Hub, enabling you to make API calls. Thredd uses HTTP authentication on requests, so each request must include the standard Authorization header field holding the authentication credentials. See below for an example of the header for the Create Card endpoint.

curl --request POST \
     --url https://api.thredd.com/api/v1/cards \
     --header 'accept: application/json' \
     --header 'authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IjI4MjE0MTkzNzIxODQ1ODQ2MTM4MDA3OTA2MDQwMzExOTc1ODE0NCIsInR5cCI6IkpXVCJ9.eyJhaWQiOiJjb25maWRlbnRpYWwtY2xpZW50cyIsImFtciI6W10sImF1ZCI6WyJodHRwczovL3JwLmRpcmVjdG9yeS5zYW5kYm94LnRocmVkZGlkLmNvbS9vcGVuaWRfcmVseWluZ19wYXJ0eS8xMzNkMTI2OS01NWVlLTQyYjctYmE3My0wNjA4MzhjMDc0YWUiLCJzcGlmZmU6Ly91YXQtdGhyZWRkLmV1LmF1dGh6LmNsb3VkZW50aXR5LmlvL3VhdC10aHJlZGQvY29uZmlkZW50aWFsLWNsaWVudHMvY29uZmlkZW50aWFsLWNsaWVudHMtb2F1dGgyIl0sImNuZiI6eyJ4NXQjUzI1NiI6IkkzZ0QyZVFydlhlcTBsMWNyR2pqS1A1VjVWX0REc1U1MURXQjRPcFZ2M00ifSwiZXhwIjoxNzQzMDgyOTk4LCJpYXQiOjE3NDMwODIzOTgsImlkcCI6IiIsImlzcyI6Imh0dHBzOi8vdWF0LXRocmVkZC5ldS5hdXRoei5jbG91ZGVudGl0eS5pby91YXQtdGhyZWRkL2NvbmZpZGVudGlhbC1jbGllbnRzIiwianRpIjoiZWMzNTY5MGItMmNkZC00YzJlLTk0ZjItODA1NWE0NGMwZTVkIiwibmJmIjoxNzQzMDgyMzk4LCJwbWlkIjoxNiwic2NwIjpbIjNkcy5yZWFkIiwiYXBhdGEucmVhZCIsImFwYXRhLndyaXRlIiwiYnVsa2NhcmQucmVhZCIsImJ1bGtjYXJkLndyaXRlIiwiY2FyZHMucmVhZCIsImNhcmRzLndyaXRlIiwiY3Z2LnJlYWQiLCJjdnYud3JpdGUiLCJkaWdpdGFsY2hhbm5lbCIsInBpbi5yZWFkIiwicGluLndyaXRlIiwic2NhbWRldGVjdCIsIndzIl0sInN0IjoicHVibGljIiwic3ViIjoiaHR0cHM6Ly9ycC5kaXJlY3Rvcnkuc2FuZGJveC50aHJlZGRpZC5jb20vb3BlbmlkX3JlbHlpbmdfcGFydHkvMTMzZDEyNjktNTVlZS00MmI3LWJhNzMtMDYwODM4YzA3NGFlIiwidGlkIjoidWF0LXRocmVkZCJ9.jdRwIDZzv5tXuR6mPpFJ0JbqiCUCZ-ToDrluW7AxjEwu78krMYEkDawjhmIfmv8gKTb2qERmMEXxZnOBYuAZ8w' \
     --header 'content-type: application/*+json' \
     --header 'X-Region: 0' \
     --data '

An authentication token is generated using the Get Access Token endpoint. The example below is the Get Access Token endpoint for the API Hub UAT Environment.

https://uat-thredd.mtls.eu.authz.cloudentity.io/uat-thredd/confidential-clients/oauth2/token

See the request body example below, taken from the mTLS Postman Collection:

curl --location 'https://uat-thredd.mtls.eu.authz.cloudentity.io/uat-thredd/confidential-clients/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion={client_assertion}' \
--data-urlencode 'scope=ws'

Note

The Client Assertion is generated in the code when performing the Get Access Token request in the FAPI Postman Collection. For more information on how to use and access the Postman Collection, see Accessing the Cards API with mTLS.

A successful request will return a 200 response and a valid access token.

{
    "access_token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IjI4MjE0MTkzNzIxODQ1ODQ2MTM4MDA3OTA2MDQwMzExOTc1ODE0NCIsInR5cCI6IkpXVCJ9.eyJhaWQiOiJjb25maWRlbnRpYWwtY2xpZW50cyIsImFtciI6W10sImF1ZCI6WyJodHRwczovL3JwLmRpcmVjdG9yeS5zYW5kYm94LnRocmVkZGlkLmNvbS9vcGVuaWRfcmVseWluZ19wYXJ0eS8xMzNkMTI2OS01NWVlLTQyYjctYmE3My0wNjA4MzhjMDc0YWUiLCJzcGlmZmU6Ly91YXQtdGhyZWRkLmV1LmF1dGh6LmNsb3VkZW50aXR5LmlvL3VhdC10aHJlZGQvY29uZmlkZW50aWFsLWNsaWVudHMvY29uZmlkZW50aWFsLWNsaWVudHMtb2F1dGgyIl0sImNuZiI6eyJ4NXQjUzI1NiI6IkkzZ0QyZVFydlhlcTBsMWNyR2pqS1A1VjVWX0REc1U1MURXQjRPcFZ2M00ifSwiZXhwIjoxNzQzMDgyOTk4LCJpYXQiOjE3NDMwODIzOTgsImlkcCI6IiIsImlzcyI6Imh0dHBzOi8vdWF0LXRocmVkZC5ldS5hdXRoei5jbG91ZGVudGl0eS5pby91YXQtdGhyZWRkL2NvbmZpZGVudGlhbC1jbGllbnRzIiwianRpIjoiZWMzNTY5MGItMmNkZC00YzJlLTk0ZjItODA1NWE0NGMwZTVkIiwibmJmIjoxNzQzMDgyMzk4LCJwbWlkIjoxNiwic2NwIjpbIjNkcy5yZWFkIiwiYXBhdGEucmVhZCIsImFwYXRhLndyaXRlIiwiYnVsa2NhcmQucmVhZCIsImJ1bGtjYXJkLndyaXRlIiwiY2FyZHMucmVhZCIsImNhcmRzLndyaXRlIiwiY3Z2LnJlYWQiLCJjdnYud3JpdGUiLCJkaWdpdGFsY2hhbm5lbCIsInBpbi5yZWFkIiwicGluLndyaXRlIiwic2NhbWRldGVjdCIsIndzIl0sInN0IjoicHVibGljIiwic3ViIjoiaHR0cHM6Ly9ycC5kaXJlY3Rvcnkuc2FuZGJveC50aHJlZGRpZC5jb20vb3BlbmlkX3JlbHlpbmdfcGFydHkvMTMzZDEyNjktNTVlZS00MmI3LWJhNzMtMDYwODM4YzA3NGFlIiwidGlkIjoidWF0LXRocmVkZCJ9.jdRwIDZzv5tXuR6mPpFJ0JbqiCUCZ-ToDrluW7AxjEwu78krMYEkDawjhmIfmv8gKTb2qERmMEXxZnOBYuAZ8w",
    "expires_in": 599,
    "scope": "3ds.read apata.read apata.write bulkcard.read bulkcard.write cards.read cards.write cvv.read cvv.write digitalchannel pin.read pin.write scamdetect ws",
    "token_type": "bearer"
}

Expiration of Token

Tokens will expire ten minutes after being generated. If a token has expired when performing a request against an endpoint, a 401 error is returned and a new access token should be generated.
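
One client-side way to handle the ten-minute lifetime and the 401 described above, as an added example that is not Thredd's code: reuse a token until shortly before `expires_in` elapses, and on a 401 request a new token and retry once. The `fetch` and `send` callables are hypothetical wrappers around the Get Access Token request and an API call, the 30-second margin is an assumption, and the sample token is constructed and unsigned.

```python
import base64, json, time

REFRESH_MARGIN = 30  # seconds before expiry to refresh; an assumed value, not Thredd's

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

class TokenCache:
    """Reuses one access token until shortly before its expires_in runs out."""
    def __init__(self, fetch, clock=time.time, margin=REFRESH_MARGIN):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            requested_at = self._clock()          # count lifetime from before the call
            resp = self._fetch()                  # hypothetical: wraps Get Access Token
            self._token = resp["access_token"]
            self._expires_at = requested_at + resp["expires_in"]
        return self._token

    def invalidate(self):
        self._token = None                        # force a new token on the next get()

def call_with_token(cache, send):
    """send(token) -> (status, body). On 401, fetch a new token and retry once."""
    status, body = send(cache.get())
    if status == 401:
        cache.invalidate()
        status, body = send(cache.get())
    return status, body

def sample_token_response(now):
    """Constructed stand-in for the token endpoint's JSON; the JWT is unsigned."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iat": now, "exp": now + 600, "scp": ["ws"]}
    token = ".".join([b64({"typ": "JWT"}), b64(claims), "constructed"])
    return {"access_token": token, "expires_in": 599, "scope": "ws", "token_type": "bearer"}

if __name__ == "__main__":
    cache = TokenCache(lambda: sample_token_response(int(time.time())))
    claims = jwt_claims(cache.get())
    print("lifetime (s):", claims["exp"] - claims["iat"])
    print(call_with_token(cache, lambda tok: (200, "ok")))
```

Retrying only once keeps a 401 caused by something other than expiry from turning into a loop against the token endpoint.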

API Explorer

See the Retrieve access token endpoint.