This guide walks users through how to use authenticate requests using the Alluvial APIs.

Client Credentials Flow

Below is a ladder diagram showing the flow to create an access token.

This flow involves 3 parties:

  • Platform Server: the client looking to access the Alluvial API and which has previously been given a Client ID and Client Secret credentials.

  • Alluvial Authorization Server: responsible for validating credentials and generating JWT Access Token.

  • Alluvial API: the target resource to be accessed.

To obtain a Client ID and Client Secret reach out to your Alluvial representative.

Getting Access Token

To obtain an access token, use the a request below using your client id and secret.


Make sure you are using the correct audience URL. Staging: Production:

curl  '' \
--header 'content-type: application/json' \
--data '{
 "audience": "",
 "grant_type": "client_credentials",
 "client_id": "<YOUR_CLIENT_ID>",
 "client_secret": "<YOUR_CLIENT_SECRET>"


   "access_token": "eyJhbGci…CVm5g",
   "scope": "read:eth-oracle read:eth-contracts read:eth-operators",
   "expires_in": 86400,
   "token_type": "Bearer"

Refreshing Access Token

Access Token should be reused for every request until it expires, in which case they should go through the Client Credential Flow again to obtain a fresh Access Token.

Sample request

To use the access token, pass it via the HTTP header Authorization: Bearer

curl '' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJh...b'

If you receive a 2xx response, you are now able to make fully authenticated requests.

If you receive a 4xx response, check if your access token is expired.

You are now ready to make requests! Please check out our guides on staking and redemptions.

Last updated