Authentication API
To authenticate the calls made by your application to the Qualifio APIs, an access token is required.
You can obtain said access token by using your client id and client secret (these credentials are provided to you by Qualifio) and making a request to our authorization server.
API Definition
Entrypoint
- Production:
https://auth.k8s.qualifio.com
Get token
Get a new token based on a clientId and clientSecret.
Request
POST /auth/realms/Qualifio/protocol/openid-connect/token
The request body must be form-encoded ("HTTP form-style"), with URL-encoded values.
Request header
- "Content-Type: application/x-www-form-urlencoded"
- "Authorization: Basic BASIC_CREDENTIALS"
BASIC_CREDENTIALS must be replaced by the base64 encoding of the concatenation of the clientId and clientSecret separated by a ":".
- If clientId = "clientId" and clientSecret = "clientSecret", then BASIC_CREDENTIALS = base64("clientId:clientSecret") = Y2xpZW50SWQ6Y2xpZW50U2VjcmV0
Request body
- grant_type=client_credentials
Samples
Here are some code examples to help you understand this process:
- Node.js (axios)
- Bash (cURL)
- Python (requests)
- JavaScript (fetch)
Node.js (axios):
const axios = require('axios'); // https://www.npmjs.com/package/axios

// await is only valid inside an async function in a CommonJS module.
async function getToken() {
  // Form-encoded body; here the client credentials are sent as form fields.
  const form = new URLSearchParams();
  form.append('grant_type', 'client_credentials');
  form.append('client_id', 'your-client-id');
  form.append('client_secret', 'your-client-secret');
  const response = await axios.post(
    'https://auth.k8s.qualifio.com/auth/realms/Qualifio/protocol/openid-connect/token',
    form,
    {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    },
  );
  const token = response.data;
  console.log('Access token:', token.access_token);
  console.log('Token will expire in', token.expires_in, 'seconds');
}

getToken().catch(console.error);
Bash (cURL):
curl --location \
  --request POST "https://auth.k8s.qualifio.com/auth/realms/Qualifio/protocol/openid-connect/token" \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "client_id=YOUR-CLIENT-ID" \
  --data-urlencode "client_secret=YOUR-CLIENT-SECRET" \
  --data-urlencode "grant_type=client_credentials" > response.json
echo "Access token: $(jq -r '.access_token' response.json)"
echo "Token will expire in $(jq -r '.expires_in' response.json) seconds"
Python (requests):
import requests

url = "https://auth.k8s.qualifio.com/auth/realms/Qualifio/protocol/openid-connect/token"
# Passing a dict lets requests URL-encode each value, so a secret that
# contains characters such as "&" or "+" is transmitted intact.
payload = {
    'client_id': 'your-client-id',
    'client_secret': 'your-client-secret',
    'grant_type': 'client_credentials',
}
headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.post(url, headers=headers, data=payload)
response.raise_for_status()  # fail on an HTTP error instead of parsing an error body
token = response.json()
print("Access token:", token['access_token'])
print("Token will expire in", token['expires_in'], "seconds")
JavaScript (fetch):
fetch(
  "https://auth.k8s.qualifio.com/auth/realms/Qualifio/protocol/openid-connect/token",
  {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: "Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0",
    },
    // A plain object would be sent as "[object Object]";
    // URLSearchParams produces the form-encoded body.
    body: new URLSearchParams({
      grant_type: "client_credentials",
    }),
  }
)
  .then((response) => response.json())
  .then((token) => {
    console.log('Access token:', token.access_token);
    console.log('Token will expire in', token.expires_in, 'seconds');
  })
  .catch((err) => {
    console.error(err);
  });
Normal token validity is 1 hour (3600 seconds). This timing can be reduced/increased depending on specific needs.
Response
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ5WW8xSkVIUW92S2FZS2JxOE12dC1pMExfU0QyYXZQRDJ6RHRwMjhHbC1rIn0.....Z-TYRCiIhjjMSfHx_Woq_VRPm3u9EHktkhIS45jjUHPQ5268MdLQ9Qv1MgyeA6UQK-iIVneeoBsklmoOCvD-yPBe7AGELlkvRad_49kgURo1NzZbR30RqFc7r4GJgfGtV5hFbp3ZFfyCY6jWA49rlnDEQ4WalCjP4pddnKVYGXzCiWFmwPspi9CcVmYCj1KEau3eCjRNH8B1k4d1aI5sl_lRP8wzDRmzgBPU0mVOtywo3t38CD1zY7F8w6NYsfpEUkTtm22CDKlBYPlABT1C6VnCdUTwPleIAJ0sHmxofk_XZZHZM3NJrhpZxfykCqRv9mg4K9J3mwy_KWrXhWUqbA",
  "expires_in": 3600,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 1625826844,
  "scope": ""
}
This token can then be used immediately until the expiration time (field expires_in, expressed in seconds).
The normal content of the token is:
Header
{
"kid": "yYo1JEHQovKaYKbq8Mvt-i0L_SD2avPD2zDtp28Gl-k",
"alg": "RS256",
"typ": "JWT"
}
Payload
{
"exp": 1627307045,
"iat": 1627303445,
"jti": "2fdbd783-7a22-4f7e-bd6f-1d4851087c9c",
"iss": "https://auth.k8s.qualifio.com/auth/realms/Qualifio",
"sub": "2e2ed2b8-b2fe-4752-baf0-eb68718de841",
"typ": "Bearer",
"azp": "demo-external-api",
"acr": "1",
"realm_access": {
"roles": [
"crypto-api-create",
"crypto-api-read"
]
},
"scope": "",
"clientId": "demo-external-api",
"clientHost": "146.59.202.148",
"clientAddress": "146.59.202.148",
"qlf:AccountID": 2
}
Requests are authenticated by adding the Authorization HTTP header containing a Bearer token:
Authorization: Bearer your_access_token
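Because the token stays valid for expires_in seconds, a client can cache it and request a new one only shortly before it lapses. The following Python is an added example, not Qualifio's own code: it uses the Basic header and grant_type body described under Request, and the names TokenCache, basic_credentials, http_post and the 60-second renewal margin are assumptions made for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.k8s.qualifio.com/auth/realms/Qualifio/protocol/openid-connect/token"


def basic_credentials(client_id, client_secret):
    """base64("clientId:clientSecret"), as in the Request header section."""
    return base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")


def http_post(url, headers, body):
    """Default transport (hypothetical helper): POST the form body, parse the JSON reply."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one access token and renews it shortly before expires_in elapses."""

    def __init__(self, client_id, client_secret, post=http_post, clock=time.monotonic, skew=60):
        self._auth = "Basic " + basic_credentials(client_id, client_secret)
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._deadline = None, 0.0

    def get(self):
        """Return a usable access token, calling the token endpoint only when needed."""
        if self._token is None or self._clock() >= self._deadline:
            headers = {"Content-Type": "application/x-www-form-urlencoded",
                       "Authorization": self._auth}
            body = urllib.parse.urlencode({"grant_type": "client_credentials"})
            reply = self._post(TOKEN_URL, headers, body)
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            # Renew `skew` seconds early so a request never carries an expired token.
            self._deadline = self._clock() + max(0, int(reply["expires_in"]) - self._skew)
        return self._token

    def auth_header(self):
        """Header to attach to each API request."""
        return {"Authorization": "Bearer " + self.get()}
```

Construct TokenCache with credentials read from the environment or a secret store rather than literals in source, and keep the token itself out of logs.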