Authentication
API Authentication Guide

Overview: The Acme API uses Bearer token authentication for all endpoints. Tokens are obtained via the OAuth 2.0 client credentials flow.
POST /api/v1/auth/token
Obtain an access token using client credentials.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| client_id | string | required | Your application client ID |
| client_secret | string | required | Your application client secret |
| grant_type | string | required | Must be "client_credentials" |
Example Response
{
  "access_token": "eyJhbGciOiJIUzI1NiJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}
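A client-side sketch of the token request above, added here as an example and not taken from Acme's own code: it requests a token once, reuses it until shortly before `expires_in` elapses, and rejects a response that is not a Bearer token. The `TokenCache` and `http_post` names, the 60-second renewal margin, the form-encoded request body and the `api.example.test` host used for testing are assumptions.

```python
import json
import time
from urllib import parse, request

TOKEN_PATH = "/api/v1/auth/token"  # endpoint from this guide
SKEW_SECONDS = 60                  # assumption: renew this long before expiry


def http_post(url, fields):
    """Default transport. Form encoding is an assumption (OAuth 2.0 convention)."""
    req = request.Request(url, data=parse.urlencode(fields).encode(), method="POST")
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: fetches a token once and reuses it until it nears expiry."""

    def __init__(self, base_url, client_id, client_secret,
                 post=http_post, clock=time.monotonic):
        if not base_url.startswith("https://"):
            raise ValueError("refusing to send client_secret without TLS")
        self._url = base_url.rstrip("/") + TOKEN_PATH
        self._creds = {"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock = post, clock
        self._token, self._deadline = None, 0.0

    def auth_header(self):
        """Return the header to attach to API calls, fetching a token if needed."""
        if self._token is None or self._clock() >= self._deadline:
            self._fetch()
        return {"Authorization": "Bearer " + self._token}

    def _fetch(self):
        body = self._post(self._url, self._creds)
        token, ttl = body.get("access_token"), body.get("expires_in")
        if not isinstance(token, str) or not token:
            raise ValueError("token response has no access_token")
        if str(body.get("token_type", "")).lower() != "bearer":
            # Error text stays generic: the response body contains the token.
            raise ValueError("unexpected token_type")
        if not isinstance(ttl, (int, float)) or ttl <= 0:
            raise ValueError("token response has no usable expires_in")
        self._token = token
        self._deadline = self._clock() + max(ttl - SKEW_SECONDS, 0)
```

The `post` and `clock` parameters exist so the cache can be exercised without a network call; in production the defaults are used and the client secret comes from a secret store rather than source code.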
POST /api/v1/auth/refresh
Refresh an expired access token.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| refresh_token | string | required | The refresh token from initial auth |
Example Response
{
  "access_token": "eyJhbGciOiJIUzI1NiJ9...",
  "expires_in": 3600
}
DELETE /api/v1/auth/revoke
Revoke an active access token.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | string | required | The token to revoke |
Example Response
{
  "status": "active"
}