OAuth 2.0

API requests are authorized using OAuth2 Bearer tokens (see RFC 6749).

You can create multiple applications in Signatu. Each application is assigned client credentials. Use these credentials to create a token at https://api.signatu.com/oauth/v0.

You can authorize the call by providing the client_id and client_secret in the payload:

$ curl https://api.signatu.com/oauth/v0/token \
-d '{"grant_type": "client_credentials", "scope": "consent",
"client_id": "1234", "client_secret": "5678"}' \
-H 'Content-Type: application/json'
{ "access_token":"21984329148923",
"expires_in":315360000,
"scope":"consent",
"refresh_token":"984723573289745",
"token_type":"Bearer" }

Alternatively, you can Base64-encode the string client_id:client_secret and provide it as an Authorization: Basic header:

$ echo -n 1234:5678 | base64
MTIzNDo1Njc4
$ curl https://api.signatu.com/oauth/v0/token \
-d '{"grant_type": "client_credentials", "scope": "consent" }' \
-H 'Authorization: Basic MTIzNDo1Njc4' \
-H 'Content-Type: application/json'
{ "access_token":"21984329148923",
"expires_in":315360000,
"scope":"consent",
"refresh_token":"984723573289745",
"token_type":"Bearer" }

Using refresh_token

For subsequent requests you can use the refresh_token to create a new bearer token for the same scope(s):

$ curl https://api.signatu.com/oauth/v0/token \
-d '{"grant_type": "refresh_token", "refresh_token": "984723573289745"}' \
-H 'Authorization: Basic MTIzNDo1Njc4' \
-H 'Content-Type: application/json'
{"access_token":"21984329148923",
"expires_in":315360000,
"scope":"consent",
"refresh_token":"984723573289745",
"token_type":"Bearer"}
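
The Basic-header and refresh_token requests above, combined into one caching client, as an added example that is not Signatu's own code. `TokenClient`, `http_post`, `basic_header` and the 60-second `skew` are assumed names and values; the endpoint, payloads and response fields are the ones shown on this page.

```python
import base64
import json
import time
import urllib.request

# Added example: helper names and the skew value are illustrative assumptions.
TOKEN_URL = "https://api.signatu.com/oauth/v0/token"  # endpoint from the page

def basic_header(client_id, client_secret):
    """Authorization header value: Base64 of 'client_id:client_secret'."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def http_post(url, headers, payload):
    """Default transport: POST a JSON payload, return the decoded JSON reply."""
    req = urllib.request.Request(url, json.dumps(payload).encode(), headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenClient:
    """Caches the bearer token; uses the refresh_token once it has one."""

    def __init__(self, client_id, client_secret, scope, post=http_post,
                 clock=time.time, skew=60):
        self._headers = {"Authorization": basic_header(client_id, client_secret),
                         "Content-Type": "application/json"}
        self._scope, self._post, self._clock, self._skew = scope, post, clock, skew
        self._access = self._refresh = None
        self._expires_at = 0.0

    def token(self):
        """Return a valid access token, requesting a new one only when needed."""
        if self._access and self._clock() < self._expires_at - self._skew:
            return self._access
        if self._refresh:
            payload = {"grant_type": "refresh_token", "refresh_token": self._refresh}
        else:
            payload = {"grant_type": "client_credentials", "scope": self._scope}
        reply = self._post(TOKEN_URL, self._headers, payload)
        if reply.get("token_type", "").lower() != "bearer" or "access_token" not in reply:
            raise ValueError("unexpected token response")
        self._access = reply["access_token"]
        self._refresh = reply.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._access

    def auth_header(self):
        """Header for API calls: {'Authorization': 'Bearer <token>'}."""
        return {"Authorization": "Bearer " + self.token()}
```

Send `client.auth_header()` with each API request; the client secret travels only in the Basic header to the token endpoint and never appears in a request body.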

Scopes

Signatu supports the following scopes for OAuth 2.0 tokens:

  • consent - create and read consent events.
  • trackerdetect - use the Trackerdetect API.

All tokens also receive the additional scope DEFAULT, which is required for any access. The DEFAULT scope is added automatically.