Authentication

COS uses OpenID Connect and OAuth 2.0 for authentication and authorization. Before you can use the API, you must obtain an access token using the client ID and secret provided to you. Once a token has been obtained, it must be passed in the Authorization header of each request to the API.

Requesting Tokens

To request a token, send a POST request to our auth server containing the client ID and secret provided.

POST https://crbcos-sandbox.auth0.com/oauth/token
{
    "grant_type": "client_credentials",
    "client_id": "[your id here]",
    "client_secret": "[your secret here]",
    "audience": "https://api.crbcos.com/"
}

Response:

{
    "access_token": "xxxxx",
    "expires_in": 86400,
    "token_type": "Bearer"
}

Presenting Tokens

In the header of each API request, the access token obtained should be included as follows:

Authorization: Bearer [your token here]


Token Expiration

The access token should be stored and used until it expires. The token response you receive specifies the expiration time in seconds. Do not request a new token for every API request. It is recommended that you use the current token until you receive a 401 Unauthorized error, at which point you would request a new token.
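
An added example, not COS's own code, of the token handling described above: it requests a token with the client-credentials body shown earlier, caches it in memory, and requests a new one once when a call returns 401. The `TokenCache` class, the `send` callback, the JSON `Content-Type` header, and the 60-second early-refresh margin are assumptions made for the example.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://crbcos-sandbox.auth0.com/oauth/token"
AUDIENCE = "https://api.crbcos.com/"


def fetch_token(client_id, client_secret):
    """POST the client-credentials request from this page; returns parsed JSON."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never source
        "audience": AUDIENCE,
    }).encode()
    req = urllib.request.Request(  # Content-Type is an assumption of the example
        TOKEN_URL, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: one token in memory, renewed on expiry or 401."""

    def __init__(self, fetch, clock=time.monotonic, skew=60):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Reuse the cached token until expires_in (minus a safety margin) elapses.
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            if resp.get("token_type") != "Bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + resp["expires_in"] - self._skew
        return self._token

    def call(self, send):
        """send(headers) -> (status, body); retries once with a new token on 401."""
        status, body = send({"Authorization": "Bearer " + self.token()})
        if status == 401:
            self._token = None  # drop the rejected token, then fetch a new one
            status, body = send({"Authorization": "Bearer " + self.token()})
        return status, body
```

In production, construct it as `TokenCache(lambda: fetch_token(client_id, client_secret))` and keep the token value out of logs.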

