The authentication endpoint allows clients to obtain an access token, which is required for making authenticated API requests.
Update (June 2025): A new token endpoint has been introduced to enhance security and scalability. While the authentication flow remains based on the Client Credentials model, tokens must now be requested from the updated URL.
This legacy
/api/authentication/{tenant_id}/tokenendpoint is deprecated and will be fully shut down on July 31, 2025.
This endpoint generates an access token, allowing clients to authenticate and access protected resources within the Alvys system.
Supported Content Types
This endpoint accepts requests with the following Content-Type headers:
application/jsonapplication/x-www-form-urlencoded
Requests using other content types (e.g.,
multipart/form-data) will be rejected with a415 Unsupported Media Typeerror.
Request Parameters
These parameters are required in the body of the request:
| Field | Type | Required | Description |
|---|---|---|---|
| tenant_id | string | Yes | The unique Alvys identifier obtained at tenant registration. |
| client_id | string | Yes | The unique identifier generated from the API Access page on the Alvys platform. |
| client_secret | string | Yes | The secret key generated from the API Access page on the Alvys platform. |
| grant_type | string | Yes | The type of grant being used. Must be client_credentials. |
Curl Example β JSON Format
curl --request POST \
--url 'https://integrations.alvys.com/api/authentication/{TENANT_ID}/token' \
--header 'Content-Type: application/json' \
--data '{
"client_id": "{CLIENT_ID}",
"client_secret": "{CLIENT_SECRET}",
"grant_type": "client_credentials"
}'Curl Example β Form-Encoded Format
curl --request POST \
--url 'https://integrations.alvys.com/api/authentication/{TENANT_ID}/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials' \
--data 'client_id={CLIENT_ID}' \
--data 'client_secret={CLIENT_SECRET}'Replace{CLIENT_ID}, {CLIENT_SECRET}, {TENANT_ID} with your actual credentials. Secure and save them for later steps.
Upon successful authentication, the endpoint returns a JSON response containing the access token and related information.
Example Response:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"token_type": "Bearer"
}Response Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| access_token | string | Yes | The generated bearer token for authenticated access. |
| expires_in | number | Yes | The duration in seconds for which the token is valid. |
| token_type | string | Yes | The type of token issued - Bearer. |
Use the Authentication Token
The generated authentication token will be used to access other API resources. This access token must be included in the headers of your API requests. Use the Authorization header with the format:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cC...Replace the placeholder with the actual token value you received. This token will authenticate your requests to access protected resources within the Alvys API.
Important Notes
β οΈ Ensure that you keep your client_id and client_secret secure. Tokens are time-limited and must be regenerated periodically by re-authenticating using the same endpoint.