Authorization - OAuth2

Before making any API requests, the client must be properly authenticated and authorized. This process ensures that only trusted applications have access to data and features, protecting sensitive information and preventing misuse. Authorization is based on the issuance and validation of access tokens, which must be included in all requests.

Request authorization

POST /oauth2/token

  1. The client application sends its credentials (such as client_id and client_secret) to the authentication endpoint
  2. The API validates the provided credentials
  3. An access token is generated
  4. The client uses this token in subsequent requests

curl --location --request POST '<AUTH_BASE_URL>/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'grant_type=client_credentials'

Body

client_id (string): Client ID
client_secret (string): Client Secret
grant_type (string): client_credentials

Response

{
    "access_token": "token",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Important

💡 The authentication token expires in 3600 seconds (60 minutes).

It is considered good practice to request a new token only when the current one expires, to avoid hitting the request rate limit.


Now you're good to go!

Our product is divided into two parts:

KYC Simple: Returns only CPF (Brazilian individual taxpayer registry) information. Click here to learn more

Liveness: Liveness verification process. Click here to learn more