
Authentication

To interact with the Auth + Data API, you need to authenticate using an access_token. This token is required for all API requests to ensure secure access.

Obtaining the access_token

To obtain the token, follow these steps:

1. Register Your Application and configure the User Settings

First, register your application with the Auth + Data service, as explained in the Quick Start Guide. Registration gives you a Client ID and a Client Secret, which are used to authenticate your application.

2. Get the access_token

To retrieve the client access_token, call the /auth/v2/token/ endpoint with the Base64-encoded ${clientID}:${clientSecret} and the client_credentials grant.

  • Base URL: https://apx.didit.me
  • Endpoint: /auth/v2/token/
  • Purpose: Authenticate the service provider and obtain a token.
  • Process: The service provider sends a POST request with their Client ID and Client Secret. The server responds with a client access_token if the credentials are valid.
⚠️ Keep your Client ID and Client Secret secure. Never share the Client Secret credentials or expose them in client-side code.

Request

To build the encodedCredentials, follow these steps:

  1. Combine Credentials: Concatenate your Client ID and Client Secret with a colon (:) in between.
  2. Base64 Encode: Encode the combined string using Base64. This encoded string will be used as encodedCredentials.

Include the encodedCredentials in the Authorization header of your request and use the grant type client_credentials as shown below:

POST /auth/v2/token/ HTTP/1.1
Host: apx.didit.me
Content-Type: application/x-www-form-urlencoded
Authorization: Basic ${encodedCredentials}
 
grant_type=client_credentials

Response

{
  "iss": "https://didit.me",
  "iat": 1617220000,
  "sub": "your-application-uuid",
  "client_id": "your-client-id",
  "organization_id": "your-organization-id",
  "expires_in": 86400,
  "exp": 1618084000,
  "access_token": "your-client-access-token"
}

Code Example

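// Run this on the server only (for example in an API route): it reads the Client Secret.
const fetchClientToken = async () => {
  const url = process.env.NEXT_PUBLIC_API_URL + '/auth/v2/token/';
  const clientID = process.env.NEXT_PUBLIC_DIDIT_CLIENT_ID;
  // No NEXT_PUBLIC_ prefix, so Next.js does not expose this value to the browser.
  const clientSecret = process.env.CLIENT_SECRET;
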
  const encodedCredentials = Buffer.from(
    `${clientID}:${clientSecret}`,
  ).toString('base64');
  const params = new URLSearchParams();
  params.append('grant_type', 'client_credentials');
 
  try {
    const response = await fetch(url, {
      method: 'POST',
      headers: {
        Authorization: `Basic ${encodedCredentials}`,
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: params,
    });
 
    const data = await response.json();
 
    if (response.ok) {
      // Return the entire data object if you need to use other properties
      return data;
    } else {
      console.error('Error fetching client token:', data.message);
      return null;
    }
  } catch (error) {
    console.error('Network error:', error);
    return null;
  }
};
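
The token response carries expires_in, so a backend can reuse one token instead of sending the Client Secret on every call. The following is an added example, not code from Didit's documentation: a server-side cache that reuses the token until shortly before it expires, shares a single in-flight request between concurrent callers, and keeps credentials out of error messages. The names createTokenCache, SKEW_SECONDS, fetchImpl and now are assumptions made for this example.

```javascript
// Added example, not Didit's code. createTokenCache, SKEW_SECONDS, fetchImpl
// and now are names chosen here; fetchImpl/now are injectable for offline tests.
const SKEW_SECONDS = 60; // assumption: refresh one minute before expiry

function createTokenCache({ clientId, clientSecret, baseUrl, fetchImpl = fetch, now = Date.now }) {
  if (!clientId || !clientSecret) throw new Error('client credentials are not configured');
  let cached = null;   // { token, expiresAtMs }
  let inFlight = null; // shared promise: concurrent callers trigger one request

  const requestToken = async () => {
    const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
    const res = await fetchImpl(`${baseUrl}/auth/v2/token/`, {
      method: 'POST',
      headers: {
        Authorization: `Basic ${basic}`,
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({ grant_type: 'client_credentials' }),
    });
    // Surface only the status code: no header, secret or response body in errors.
    if (!res.ok) throw new Error(`token request failed with HTTP ${res.status}`);
    const data = await res.json();
    if (typeof data.access_token !== 'string' || !(data.expires_in > 0)) {
      throw new Error('token response is missing access_token or expires_in');
    }
    // Lifetime is taken from expires_in, measured on the local clock.
    cached = {
      token: data.access_token,
      expiresAtMs: now() + (data.expires_in - SKEW_SECONDS) * 1000,
    };
    return cached.token;
  };

  // Returns the cached token while it is fresh, otherwise fetches a new one.
  return async function getAccessToken() {
    if (cached && now() < cached.expiresAtMs) return cached.token;
    if (!inFlight) inFlight = requestToken().finally(() => { inFlight = null; });
    return inFlight;
  };
}
```

Create one cache per server process, with baseUrl set to https://apx.didit.me and the credentials read from server-side environment variables, and call the returned function before each API request.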