/
Authentication

Authentication

Owned by Priit Aavik
Last updated: Sept 10, 2024 by Vaidotas Gailius
1 min read

  • Ondato APIs use OAuth2 Access Tokens to authenticate each request.

  • To obtain Access Token - a post request must be done to our authorization server URL:

  • Request to the authorization server must use 'Content-Type: application/x-www-form-urlencoded' header and has to contain the following information in the body:

Key

Value

Description

Key

Value

Description

client_id

<client_id>

Your ID that will be provided by Ondato.

client_secret

<secret>

Your secret that will be provided by Ondato.

grant_type

client_credentials

Machine-to-machine grant flow.

scope

<reqested_scopes_separated_by_space>

Access to requested resources.

This is an optional parameter:
If the scope is not defined, then the token is created with all available scopes for the client_id.

Discovery endpoint: https://id.ondato.com/.well-known/openid-configuration.

Example:

Screenshot 2024-03-04 at 15.11.27.png

Authentication request example (production)

For in-depth reference see specification about authorization request and response.

curl --location --request POST 'https://id.ondato.com/connect/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'client_id=client_id_that_only_you_know' \ --data-urlencode 'client_secret=secret_that_only_you_know' \

Related content

Identity Verification (IDV)
Identity Verification (IDV)
Ondato
More like this
IDV API
IDV API
Ondato
Read with this
Legal entities data
Legal entities data
Ondato
More like this
Customer onboarding (KYC) integration with UI
Customer onboarding (KYC) integration with UI
Ondato
Read with this
Business onboarding full integration
Business onboarding full integration
Ondato
More like this
Webhooks
Webhooks
Ondato
Read with this