We apply the OAuth2.0 client credentials flow to secure access to our APIs. Using your client credentials, you can create an API access token. To authenticate your request, you must pass this token as a bearer token in your request headers.

Get your client credentials

Our team will provide you with client credentials based on your requirements. This includes the information needed to generate an API access token:

  • The URL needed to request the access token.
  • Your client ID and secret.
  • Your access scopes.

It's your responsibility to ensure your client credentials are stored securely.

Generate an API access token

You can generate your API access token with your client credentials.

Using a terminal

First, encrypt your client credentials:

  1. Combine your client ID and client secret in one line, separating them with a colon: clientid:clientsecret.
  2. Encrypt your credentials. You can choose from two options:
    • Go to base64encode.org and paste your clientid:clientsecret into the input field → select UTF-8 as your character set → Click Encode.
    • Open a terminal and enter the following command:
      echo -n clientid:clientsecret | base64
  3. Copy your encrypted credentials.

Next, generate your API access token with your encrypted credentials:

  1. Open a terminal.
  2. Send a request to POST https://<access token url>/v1/token, specifying the URL provided by our team.
    • In the header, paste your encrypted credentials as the basic authorization token.
    • In the body, specify the grant type as client_credentials, followed by the scopes in a space-separated list.

The response contains an API access token that you can use to authenticate your requests.

Example cURL

curl -X POST https://<access token url> \
     -H 'Accept: application/json' \ 
	 -H 'Authorization: Basic 'MG9...' \ 
	 -d 'grant_type=client_credentials&scope=api_scope'
CODE

Using Postman

Postman enables you to automatically generate a new bearer token to authenticate your requests.

  1. Open Postman and navigate to the Authorization section of your request.
  2. Select OAuth 2.0 from the Type dropdown.
  3. Make sure your Current Token details use Available Tokens and are set to Bearer in the Header Prefix field.
  4. In Configure New Token, use the Configuration Options to create your bearer token:
    1. Name your token (e.g. "Everon access token").
    2. Select Client Credentials in the Grant Type dropdown.
    3. Enter the URL provided by our team in the Access Token URL field: https://<access token url>/v1/token
    4. Enter your Client ID and Client Secret.
    5. Provide the scopes you need access to. For multiple scopes, enter a space-separated list: "api_scope1 api_scope2".
    6. Select Send as Basic Auth Header in the Client Authentication dropdown.
    7. Click Get New Access Token and click Proceed.
    8. Click Use Token or copy the token to use as your bearer token.

You can now use the token to make a request.

The instructions above are based on Postman version 8.11.1. They may vary if you use a different version of Postman.

Authenticate your API calls

To authenticate your API calls, you must pass your bearer token in the header of your request.

cURL

curl -X GET 'https://api.everon.io/endpoint/v1/query/resource' \
     -H 'Content-Type: application/json' \
     -H 'Authorization: Bearer eyJ...' \
CODE

If you use Postman, you can automatically pass the token in your header by following the steps in Using Postman.

To keep your data secure, your access token expires after 30 minutes. This means you must generate a new token every 30 minutes to continue making requests.