Authentication
Overview
Kaunt uses the OAuth2 Client Credentials Grant flow for authentication. This means that you need a client_id and client_secret pair for your client, which is then exchanged for a Bearer token.
Keep your client_secret safe: API key pairs consist of a client_id and client_secret. While the client_id can be public, keep your client_secret safe, as it carries many privileges. You can generate and revoke API keys on the Kaunt partner-platform, or you can contact us.
The following figure shows the authentication flow:
Obtain an access token
To obtain an access token, follow these steps:
- Send a POST request to https://api.kaunt.com/v1/oauth2/token with the Authorization header set to Basic <auth credentials>, where <auth credentials> is the base64 encoding of {client_id}:{client_secret}. The request body should include grant_type set to client_credentials, and the Content-Type header should be set to application/x-www-form-urlencoded.
- If the request is valid, you'll receive an API access token in the response body. The token will be valid for a certain amount of time, specified in the expires_in parameter.
  {
    "access_token": <TOKEN>,
    "token_type": "Bearer",
    "expires_in": 3600
  }
- To make API requests, set the Authorization header of your requests to Bearer <access token>. All API requests must be made over HTTPS. Requests made using plain HTTP will fail, as will unauthenticated requests.
Expiration
When a client_id and client_secret pair has been exchanged for an access token, the token is only valid for a certain number of seconds (specified in the expires_in parameter in the response body). When the token expires, you'll need to restart the authentication flow from step 1.
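The following Python client is an added example, not Kaunt's SDK or code from this page. It carries out the three steps above (Basic header built from base64 of {client_id}:{client_secret}, urlencoded grant_type=client_credentials, then Bearer on API calls) and handles the expiration section by caching the token and repeating the exchange shortly before expires_in elapses. The transport helper https_post_json, the TokenCache class, the skew_seconds margin, and the FakeClock and FakeTokenEndpoint stand-ins are all assumptions made for this example; the fake endpoint only imitates the checks a token endpoint would perform so the code runs offline, and the credential strings are constructed placeholders.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.kaunt.com/v1/oauth2/token"  # endpoint named on the page


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the 'Basic <auth credentials>' value: base64 of '{client_id}:{client_secret}'."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id: str, client_secret: str):
    """Return (url, headers, body) for step 1 of the flow described above."""
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    return TOKEN_URL, headers, body


def https_post_json(url: str, headers: dict, body: bytes) -> dict:
    """Assumed transport helper (not a Kaunt API): POST and parse the JSON response.
    Refuses non-HTTPS URLs so the credentials are never sent in the clear."""
    if not url.lower().startswith("https://"):
        raise ValueError("token endpoint must be reached over HTTPS")
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TokenCache:
    """Holds one Bearer token and re-runs the exchange once expires_in has (nearly) elapsed."""

    def __init__(self, client_id, client_secret, post=https_post_json,
                 clock=time.monotonic, skew_seconds=30):
        self._client_id = client_id
        self._client_secret = client_secret  # keep this out of logs and error messages
        self._post = post
        self._clock = clock
        self._skew = skew_seconds  # refresh early so a request in flight never carries a stale token
        self._token = None
        self._expires_at = 0.0
        self.exchanges = 0  # round trips to the token endpoint (useful for monitoring)

    def access_token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            url, headers, body = build_token_request(self._client_id, self._client_secret)
            resp = self._post(url, headers, body)
            if str(resp.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = resp["access_token"]
            self._expires_at = now + int(resp["expires_in"])
            self.exchanges += 1
        return self._token

    def auth_header(self) -> dict:
        """Header to attach to every API request (step 3)."""
        return {"Authorization": "Bearer " + self.access_token()}


# Constructed stand-ins so the example runs offline; no real endpoint is contacted.
class FakeClock:
    def __init__(self, start=0.0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class FakeTokenEndpoint:
    """Imitates the token endpoint's checks: Basic credentials and urlencoded grant_type."""

    def __init__(self, client_id, client_secret):
        self._expected = basic_auth_header(client_id, client_secret)
        self.issued = 0

    def post(self, url, headers, body):
        if url != TOKEN_URL or headers.get("Content-Type") != "application/x-www-form-urlencoded":
            raise ValueError("bad request shape")
        if headers.get("Authorization") != self._expected:
            raise PermissionError("invalid client credentials")
        if urllib.parse.parse_qs(body.decode("ascii")) != {"grant_type": ["client_credentials"]}:
            raise ValueError("unsupported grant_type")
        self.issued += 1
        return {"access_token": f"constructed-token-{self.issued}",
                "token_type": "Bearer", "expires_in": 3600}


if __name__ == "__main__":
    clock = FakeClock(1000.0)
    endpoint = FakeTokenEndpoint("demo-client-id", "demo-client-secret")
    cache = TokenCache("demo-client-id", "demo-client-secret", post=endpoint.post, clock=clock.now)
    print(cache.auth_header())  # first call performs the exchange
    clock.advance(3600 - 31)
    cache.access_token()  # still inside expires_in minus skew: served from cache
    clock.advance(1)
    print(cache.auth_header(), "exchanges:", cache.exchanges)  # expired: exchanged again
```

Swap the fake endpoint for https_post_json to talk to the real token URL; the cache then refreshes on its own when expires_in runs out, which is the restart-from-step-1 behaviour the expiration section describes.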