Authentication

This guide walks users through how to use authenticate requests using the Alluvial APIs.

Client Credentials Flow

Below is a ladder diagram showing the flow to create an access token.

This flow involves 3 parties:

• Platform Server: the client looking to access the Alluvial API and which has previously been given a Client ID and Client Secret credentials.

• Alluvial Authorization Server: responsible for validating credentials and generating JWT Access Token.

• Alluvial API: the target resource to be accessed.

Getting Access Token

To obtain an access token, use the a request below using your client id and secret.

Request:

curl  'https://auth.alluvial.finance/oauth/token' \
--header 'content-type: application/json' \
--data '{
 "audience": "https://api.staging.alluvial.finance",
 "grant_type": "client_credentials",
 "client_id": "<YOUR_CLIENT_ID>",
 "client_secret": "<YOUR_CLIENT_SECRET>"
}'

Response:

{
  "access_token": "eyJhbGci…CVm5g",
  "scope": "read:eth-oracle read:eth-contracts read:eth-operators",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Refreshing Access Token

Access Token should be reused for every request until it expires, in which case they should go through the Client Credential Flow again to obtain a fresh Access Token.

Sample request

To use the access token, pass it via the HTTP header Authorization: Bearer

curl 'https://api.staging.alluvial.finance/v0/wallets/0x2B7ff5d4C14A9Da8d5C9354c7A52aB40DdC1C01e' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJh...b'

If you receive a 2xx response, you are now able to make fully authenticated requests.

If you receive a 4xx response, check if your access token is expired.