Authentication Overview

Generation and use of authentication tokens on Layer1

Layer1 uses OAuth2 with the client_credentials grant type to authenticate API requests securely. This section explains how to generate and manage your API tokens.

Generate your API Token

To authenticate as a client application, follow these steps to obtain your access token:

  1. Send a Token Request: Make a POST request to the token endpoint, replacing client_id and client_secret with your own credentials, as shown in the Code Snippets section below.
  2. Receive the Access Token: The server responds with a JSON object containing your access_token and its expiry time. Here is an example of a successful response:
    {
      "access_token": "eyJhbG...dFg",
      "expires_in": 300,
      "refresh_expires_in": 0,
      "token_type": "Bearer",
      "not-before-policy": 0,
      "scope": "tenants:view transactions:edit ... microprofile-jwt networks:view"
    }
    
  3. Use the Token in API Requests: Include the retrieved access_token as a Bearer token in the Authorization header of your API requests.
    curl -X GET 'https://api.sandbox.layer1.com/path/to/resource' \
    -H 'Authorization: Bearer YOUR_ACCESS_TOKEN'
    

Note: Keep your access_token secure as it allows access to the API.

Managing Tokens

Token Expiry: The access_token is valid for a limited time (specified by expires_in in seconds). After expiration, you will need to generate a new token.

Storage & Security: Store the access token securely on your server. Never expose it in client-side code or share it publicly.

Token Usage: Include the access token in the Authorization header as a Bearer token in subsequent API requests.

Code Snippets

To help you integrate API token generation into your applications, here are sample code snippets:

curl -X POST 'https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=PROVIDED_CLIENT_ID' \
-d 'client_secret=PROVIDED_CLIENT_SECRET' \
-d 'grant_type=client_credentials'

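# Python (requests)
import requests

url = "https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token"
data = {
    "client_id": "PROVIDED_CLIENT_ID",
    "client_secret": "PROVIDED_CLIENT_SECRET",
    "grant_type": "client_credentials"
}
# Set a timeout so a stalled connection cannot hang the caller
response = requests.post(url, data=data, timeout=10)
# Fail on an HTTP error instead of silently reading a missing token
response.raise_for_status()
token = response.json()["access_token"]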

// Node.js (axios)
const axios = require('axios');
const url = 'https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token';

// URLSearchParams makes axios send the body as application/x-www-form-urlencoded
const data = new URLSearchParams({
    client_id: 'PROVIDED_CLIENT_ID',
    client_secret: 'PROVIDED_CLIENT_SECRET',
    grant_type: 'client_credentials'
});

axios.post(url, data)
.then((response) => {
    const token = response.data.access_token;

    // Use the token for subsequent requests
    const apiURL = 'https://api.sandbox.layer1.com/api/v1/asset-pools';
    axios.get(apiURL, { headers: { Authorization: `Bearer ${token}` } })
    .then(apiResponse => {
        console.log(apiResponse.data);
    })
    .catch(error => {
        // Log only the message: the full axios error object includes the request headers (the Bearer token)
        console.error('API Request Error:', error.message);
    });
})
.catch((error) => {
    // Log only the message: the full axios error object includes the request body (client_secret)
    console.error('Token Generation Error:', error.message);
});
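
The Token Expiry note under Managing Tokens means a long-running client must request a new token every expires_in seconds. The following added example (not Layer1's own code) caches the token in memory and requests a new one shortly before it expires. The TokenCache class, the 30-second margin and the use of the standard library instead of requests are assumptions for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token"


def fetch_token(client_id, client_secret):
    """POST the client_credentials request from this page; return the JSON body."""
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    # Passing data makes this a form-encoded POST
    request = urllib.request.Request(TOKEN_URL, data=form)
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: keeps the token in memory and renews it before expiry."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch = fetch    # zero-argument callable returning the token JSON
        self._skew = skew      # assumed safety margin in seconds
        self._clock = clock    # injectable so expiry can be tested offline
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            body = self._fetch()
            is_bearer = str(body.get("token_type", "")).lower() == "bearer"
            if not is_bearer or not body.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = body["access_token"]
            # Renew early; clamp so a short lifetime never gives a negative window
            self._expires_at = now + max(int(body["expires_in"]) - self._skew, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}

    def __repr__(self):
        # Keep the token out of logs and tracebacks that print the object
        return "<TokenCache token=[redacted]>"
```

Construct it as TokenCache(lambda: fetch_token(client_id, client_secret)) and pass cache.auth_header() as the headers of each API request.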

Further Reading & Resources

For more detailed information about OAuth2 and the client credentials grant, refer to the OAuth 2.0 Authorization Framework (RFC 6749).