Authentication

Overview

Our API uses OAuth2 Client Credentials authentication to allow secure access for machine-to-machine interactions. This guide will help you obtain an access token and use it to authenticate requests.

Authentication Endpoint

To obtain an access token, send a POST request to the token endpoint:

POST https://sso.ecoinvent.org/realms/ecoinvent/protocol/openid-connect/token

Request Parameters

The request must include the following parameters in the body as application/x-www-form-urlencoded:

Example Request (cURL)

curl -X POST https://sso.ecoinvent.org/realms/ecoinvent/protocol/openid-connect/token \
     -d "grant_type=client_credentials" \
     -d "client_id=your_client_id" \
     -d "client_secret=your_client_secret" \
     -H "Content-Type: application/x-www-form-urlencoded"

Response

A successful request returns a JSON response containing the access token:

Using the Access Token

Include the access token in the Authorization header of your API requests:

Example Request

Token Expiry

Tokens expire after expires_in seconds (e.g., 3600 seconds = 1 hour). Request a new token when it expires.

Error Handling

If authentication fails, the API returns an error response:

Ensure that your client_id and client_secret are correct.

Security Best Practices

• Keep your client_id and client_secret secure.

• Do not expose credentials in client-side applications.

• Rotate credentials periodically.

For further assistance, contact our support team.