The authentication endpoint allows clients to obtain an access token, which is required for making authenticated API requests.
This endpoint generates an access token, allowing clients to authenticate and access protected resources within the Alvys system.
Request Parameters
The following parameters are required and should be included in the body of the request as multipart/form-data:
| Field | Type | Required | Description |
|---|---|---|---|
| tenant_id | string | Yes | The unique Alvys identifier obtained at tenant registration. |
| client_id | string | Yes | The unique identifier generated from the API Access page on the Alvys platform. |
| client_secret | string | Yes | The secret key generated from the API Access page on the Alvys platform. |
| grant_type | string | Yes | The type of grant being used. For this API, it should be client_credentials. |
Example curl request to obtain the access token:
curl --request POST \
--url 'https://integrations.alvys.com/api/authentication/{tenant_id}/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--form grant_type=client_credentials \
--form 'client_id={CLIENT_ID}' \
--form 'client_secret={CLIENT_SECRET}'
Replace {CLIENT_ID}, {CLIENT_SECRET}, {tenant_id} with your actual credentials. Secure and save them for later steps.
After substituting {CLIENT_ID}, {CLIENT_SECRET} and {tenant_id} with your actual credentials, your request should look like this:
curl --location 'https://integrations.alvys.com/api/authentication/AB123/token' \
--form 'tenant_id="AB123"' \
--form 'client_id="12345678-abcd-1234-efgh-567890abcdef"' \
--form 'client_secret="newExampleSecretKeyHere1234567890!@#$%^&*()_+"' \
--form 'grant_type="client_credentials"'
Upon successful authentication, the endpoint returns a JSON response containing the access token and related information.
Example Response:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"token_type": "Bearer"
}
Response Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| access_token | string | Yes | The generated bearer token for authenticated access. |
| expires_in | number | Yes | The duration in seconds for which the token is valid. |
| token_type | string | Yes | The type of token issued - Bearer. |
Use the Authentication Token
The generated authentication token will be used to access other API resources. This access token must be included in the headers of your API requests. Use the Authorization header with the format:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cC...
Replace the placeholder with the actual token value you received. This token will authenticate your requests to access protected resources within the Alvys API.
Important Notes
⚠️ Ensure that you keep your client_id and client_secret secure. Tokens are time-limited and must be regenerated periodically by re-authenticating using the same endpoint.