Authentication Overview
Generation and use of authentication tokens on Layer1
Layer1 uses OAuth2 with the client_credentials grant type to authenticate API requests securely. This section will guide you on how to generate and manage your API tokens.
Generate your API Token
To authenticate as a client application, follow these steps to obtain your access token:
- Send a Token Request: To generate a token, make a POST request to the token endpoint as shown in the Code Snippets section below, replacing the client_id and client_secret placeholders with your own credentials.
- Receive the Access Token: The server responds with a JSON object containing your access_token and its expiry time. Here is an example of a successful response:
    {
      "access_token": "eyJhbG...dFg",
      "expires_in": 300,
      "refresh_expires_in": 0,
      "token_type": "Bearer",
      "not-before-policy": 0,
      "scope": "tenants:view transactions:edit ... microprofile-jwt networks:view"
    }
- Use the Token in API Requests: Include the retrieved access_token as a Bearer token in the Authorization header of your API requests.
    curl -X GET 'https://api.sandbox.layer1.com/path/to/resource' \
      -H 'Authorization: Bearer YOUR_ACCESS_TOKEN'
Note: Keep your access_token secure, as it allows access to the API.
Managing Tokens
Token Expiry: The access_token is valid for a limited time (specified by expires_in in seconds). After expiration, you will need to generate a new token.
Storage & Security: Store the access token securely on your server. Never expose it in client-side code or share it publicly.
Token Usage: Include the access token in the Authorization header as a Bearer token in subsequent API requests.
Code Snippets
To help you integrate API token generation into your applications, here are sample code snippets:

# cURL: request an access token
curl -X POST 'https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=PROVIDED_CLIENT_ID' \
  -d 'client_secret=PROVIDED_CLIENT_SECRET' \
  -d 'grant_type=client_credentials'
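
# Python (requests): request an access token
import requests

url = "https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token"
data = {
    "client_id": "PROVIDED_CLIENT_ID",
    "client_secret": "PROVIDED_CLIENT_SECRET",
    "grant_type": "client_credentials",
}
# Set a timeout and fail on HTTP errors instead of silently reading a missing token
response = requests.post(url, data=data, timeout=10)
response.raise_for_status()
token = response.json()["access_token"]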

// Node.js (axios): request an access token, then call the API with it
const axios = require('axios');

const url = 'https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token';
const data = new URLSearchParams({
  client_id: 'PROVIDED_CLIENT_ID',
  client_secret: 'PROVIDED_CLIENT_SECRET',
  grant_type: 'client_credentials'
});

axios.post(url, data)
  .then((response) => {
    const token = response.data.access_token;
    // Use the token for subsequent requests
    const apiURL = 'https://api.sandbox.layer1.com/api/v1/asset-pools';
    axios.get(apiURL, { headers: { Authorization: `Bearer ${token}` } })
      .then(apiResponse => {
        console.log(apiResponse.data);
      })
      .catch(error => {
        console.error('API Request Error:', error);
      });
  })
  .catch((error) => {
    console.error('Token Generation Error:', error);
  });
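
The expiry and storage guidance under Managing Tokens can be combined into a small server-side token cache. The following is an added example, not Layer1's own code: it reuses one token until shortly before expires_in elapses, reads credentials from the environment rather than source code, and keeps the token out of logs. The environment variable names LAYER1_CLIENT_ID and LAYER1_CLIENT_SECRET, the 30-second refresh margin, and the TokenCache and fetch_token names are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.sandbox.layer1.com/auth/realms/bvnk/protocol/openid-connect/token"


def fetch_token():
    """POST the client_credentials grant; credentials come from the environment."""
    body = urllib.parse.urlencode({
        "client_id": os.environ["LAYER1_CLIENT_ID"],          # assumed variable name
        "client_secret": os.environ["LAYER1_CLIENT_SECRET"],  # assumed variable name
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse one access token until shortly before its expires_in deadline."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic, margin=30):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._deadline = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._deadline:
            payload = self._fetch()
            token, ttl = payload.get("access_token"), payload.get("expires_in")
            if not token or not isinstance(ttl, (int, float)) or ttl <= 0:
                # Fail closed; do not echo the payload, it may contain a token.
                raise ValueError("token response missing access_token or expires_in")
            # Refresh early so a request in flight never carries an expired token.
            self._token = token
            self._deadline = now + max(ttl - self._margin, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}

    def __repr__(self):
        # Keep the token out of logs and tracebacks.
        return f"<TokenCache cached={self._token is not None}>"
```

Pass the result of auth_header() as the headers of each API request; with the 300-second lifetime shown in the sample response, a new token is requested roughly every 270 seconds.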
Further Reading & Resources
For more detailed information about OAuth2 and client credentials grant, refer to the OAuth 2.0 Authorization Framework.