Api Authentication
Authenticate with the AirSign API using OAuth 2.0 Client Credentials flow. This endpoint issues a Bearer access token for secure API requests.
Endpoint
POST https://api.airsign.com.au/oidc/tokenHeaders
| Name | Value | Required | Description |
|---|---|---|---|
| Content-Type | application/x-www-form-urlencoded | Yes | Specifies the format of the request body |
| Authorization | Basic base64(client_id:client_secret) | Yes | Basic Auth with your client credentials |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be client_credentials |
Example (x-www-form-urlencoded):
grant_type=client_credentialsExample Request
curl --location 'https://api.airsign.com.au/oidc/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {base64(client_id:client_secret)}' \
--data-urlencode 'grant_type=client_credentials'Response
Status: 200 OK
{
"access_token": "{BEARER_TOKEN}",
"expires_in": 3600,
"token_type": "Bearer"
}| Field | Type | Description |
|---|---|---|
| access_token | string | The JWT access token to use in API requests |
| expires_in | int | Token lifetime in seconds |
| token_type | string | Always Bearer |
Usage
Include the returned access_token as a Bearer token in the Authorization header for subsequent API requests:
Authorization: Bearer {access_token}Security Best Practices
- Keep your
client_idandclient_secretconfidential. - Access tokens expire after the specified
expires_inperiod; request a new token as needed. - Use HTTPS in production to protect credentials and tokens.