🔄
Update (June 2025): A new token endpoint has been introduced to enhance security and scalability. While the authentication flow remains based on the Client Credentials model, tokens must now be requested from the updated URL.
This legacy /api/authentication/{tenant_id}/token endpoint is deprecated and will be fully shut down on July 31, 2025.

This endpoint generates an access token, allowing clients to authenticate and access protected resources within the Alvys system.

Supported Content Types

This endpoint accepts requests with the following Content-Type headers:

application/json
application/x-www-form-urlencoded

❗
Requests using other content types (e.g., multipart/form-data) will be rejected with a 415 Unsupported Media Type error.

Request Parameters

These parameters are required in the body of the request:

Field	Type	Required	Description
tenant_id	string	Yes	The unique Alvys identifier obtained at tenant registration.
client_id	string	Yes	The unique identifier generated from the API Access page on the Alvys platform.
client_secret	string	Yes	The secret key generated from the API Access page on the Alvys platform.
grant_type	string	Yes	The type of grant being used. Must be `client_credentials`.

Curl Example – JSON Format

curl --request POST \
     --url 'https://integrations.alvys.com/api/authentication/{TENANT_ID}/token' \
     --header 'Content-Type: application/json' \
     --data '{
       "client_id": "{CLIENT_ID}",
       "client_secret": "{CLIENT_SECRET}",
       "grant_type": "client_credentials"
     }'

Curl Example – Form-Encoded Format

curl --request POST \
     --url 'https://integrations.alvys.com/api/authentication/{TENANT_ID}/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data 'grant_type=client_credentials' \
     --data 'client_id={CLIENT_ID}' \
     --data 'client_secret={CLIENT_SECRET}'

Replace{CLIENT_ID}, {CLIENT_SECRET}, {TENANT_ID} with your actual credentials. Secure and save them for later steps.

Upon successful authentication, the endpoint returns a JSON response containing the access token and related information.

Example Response:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Response Parameters

Field	Type	Required	Description
access_token	string	Yes	The generated bearer token for authenticated access.
expires_in	number	Yes	The duration in seconds for which the token is valid.
token_type	string	Yes	The type of token issued - `Bearer`.

Use the Authentication Token

The generated authentication token will be used to access other API resources. This access token must be included in the headers of your API requests. Use the Authorization header with the format:

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cC...

Replace the placeholder with the actual token value you received. This token will authenticate your requests to access protected resources within the Alvys API.

Important Notes

⚠️ Ensure that you keep your client_id and client_secret secure. Tokens are time-limited and must be regenerated periodically by re-authenticating using the same endpoint.