Authentication Overview

Generation and use of authentication tokens on Layer1

Layer1 uses OAuth2 with the client_credentials grant type to authenticate API requests securely. This section will guide you on how to generate and manage your API tokens.

Generate your API Token

To authenticate as a client application, follow these steps to obtain your access token:

  1. Send a Token Request: To generate a token, make a POST request to the token endpoint, but replace client_id and client_secret with your credentials shown in the code example provided in the code snippet section below.
  2. Receive the Access Token: The server responds with a JSON object containing your access_token and its expiry time. Here is an example of a successful response:
      "access_token": "eyJhbG...dFg",
      "expires_in": 300,
      "refresh_expires_in": 0,
      "token_type": "Bearer",
      "not-before-policy": 0,
      "scope": "tenants:view transactions:edit ... microprofile-jwt networks:view"
  3. Use the Token in API Requests: Include the retrieved access_token as a Bearer token in the Authorization header of your API requests.
    curl -X GET '' \
    -H 'Authorization: Bearer YOUR_ACCESS_TOKEN'

Note: Keep your access_token secure as it allows access to the API.

Managing Tokens

Token Expiry: The access_token is valid for a limited time (specified by expires_in in seconds). After expiration, you will need to generate a new token.

Storage & Security: Store the access token securely on your server. Never expose it in client-side code or share it publicly.

Token Usage: Include the access token in the Authorization header as a Bearer token in subsequent API requests.

Code Snippets

To help you integrate API token generation into your applications, here are sample code snippets:

curl -X POST '' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=PROVIDED_CLIENT_ID' \
-d 'client_secret=PROVIDED_CLIENT_SECRET' \
-d 'grant_type=client_credentials'

import requests

url = ""
data = {
    "client_id": "PROVIDED_CLIENT_ID",
    "client_secret": "PROVIDED_CLIENT_SECRET",
    "grant_type": "client_credentials"
response =, data=data)
token = response.json().get("access_token")

const axios = require('axios');
const url = '';

const data = new URLSearchParams({
    client_id: 'PROVIDED_CLIENT_ID',
    client_secret: 'PROVIDED_CLIENT_SECRET',
    grant_type: 'client_credentials'
});, data)
.then((response) => {
    const token =;

    // Use the token for subsequent requests
    const apiURL = '';
    axios.get(apiURL, { headers: { Authorization: `Bearer ${token}` } })
    .then(apiResponse => {
    .catch(error => {
        console.error('API Request Error:', error);
.catch((error) => {
    console.error('Token Generation Error:', error);

Further Reading & Resources

For more detailed information about OAuth2 and client credentials grant, refer to the OAuth 2.0 Authorization Framework.