Coviu APIs are secured using various OAuth 2.0 mechanisms. Typically, API users make use of the OAuth Client Credentials Flow.
As a user of the API, you will be issued a Client ID and Client Secret. In order to access API endpoints, the following occurs:
- Your code makes a Client Credentials request against the Coviu authorization server. This request includes the Client ID and Client Secret.
- The authorization server responds with an access token, refresh token and expiry time.
- Your code uses the access token as a bearer token in subsequent requests.
- Before the expiry time is reached, your code should re-request a token, using the refresh token or the Client ID and Client Secret.
Note: there are several variants of Client Credentials requests - "Basic", "Post" and "JWT". Coviu auth uses the "Basic" variant.
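The flow above with "Basic" client authentication, as an added Python sketch that is not Coviu's own code: it builds the token request, tracks expiry, and decides when to renew. The token URL is a placeholder, and the response field names (`access_token`, `refresh_token`, `expires_in`), the 60-second renewal margin and all function and class names are assumptions.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumption: placeholder URL; use the token endpoint issued with your credentials.
TOKEN_URL = "https://auth.example.invalid/token"
REFRESH_MARGIN = 60  # assumed policy: renew this many seconds before expiry


def build_token_request(client_id, client_secret, refresh_token=None):
    """Build (without sending) a token request that uses "Basic" client auth."""
    # RFC 6749 s2.3.1: form-encode id and secret, join with ':', base64 the pair.
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    if refresh_token:
        form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    else:
        form = {"grant_type": "client_credentials"}
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(form).encode()  # the secret never goes in the body
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


class Token:
    """Holds a token response; field names are the RFC 6749 ones (assumed)."""

    def __init__(self, response, now=None):
        issued = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.refresh_token = response.get("refresh_token")
        self.expires_at = issued + int(response["expires_in"])

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_at - REFRESH_MARGIN

    def bearer_header(self):
        return {"Authorization": "Bearer " + self.access_token}


def renewal_request(token, client_id, client_secret, now=None):
    """Return the token request to send now, or None while the token is fresh."""
    if token is not None and not token.needs_refresh(now):
        return None
    refresh = token.refresh_token if token is not None else None
    return build_token_request(client_id, client_secret, refresh)
```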