Authentication

In order to authenticate API requests, you need to create an API key.

Creating an API key generates a linked service account, which is then used to request access tokens for specific actions, such as creating or retrieving transactions, or fetching analytics information.

Each organization is limited to two service accounts.

Create an API key

Create an API key in your organization's settings page, under API keys.

Each API key has a name and a set of permissions (roles).

Once created, you can get the client_id and client_secret values.

Listing API Keys

warning

Keep client_id and client_secret safely stored. Do not expose values to end users or client-facing applications. Consider implementing a regular rotation schedule.

Get an access token

Request

POST https://account.platform.microblink.com/oauth/token

The content type should be application/json, and the request body should contain the following fields:

payload.json
{
  "client_id": "<example_id>",          
  "client_secret": "<example_secret>", 
  "grant_type": "client_credentials",   
  "audience": "idv-api"
}

The client_id and client_secret values are those created in the previous step.

Example request:

curl --url https://account.platform.microblink.com/oauth/token --json @payload.json

Response

{
  "access_token": "eyJhbGciO...7ox1RsGM3RKh2vVHw", // cropped for readability
  "expires_in": 86400,
  "token_type": "Bearer"
}

Note the expires_in field—it defines when the token must be refreshed, as it becomes invalid after a set amount of time.

tip

Refresh access tokens at least 5 minutes before expiry because of potential clock skew.

Use the token in every subsequent platform request in the Authorization header:

Authorization: Bearer <access_token>

Create an API key​

Get an access token​

Request​

Response​

Create an API key

Get an access token

Request

Response