Skip to main content

Authenticate

Learn how to obtain an access token to authenticate with IDnow

IDnow uses OAuth 2.0 with the client credentials grant type for API authentication. The steps to set up authentication are:

  1. Create API clients
  2. Use the obtained client ID and client secret to get an access token
  3. Use the access token to make an authenticated API request

Obtain access token

Use your client ID and client secret to request an access token.

Request parameters

ParameterDescriptionRequired
grant_typeOAuth 2.0 grant type. Use client_credentials for server-to-server auth.Yes
client_idYour API client ID from the IDnow dashboard.Yes
client_secretYour API client secret from the IDnow dashboard.Yes

Two authentication methods are supported. Both are equivalent — use whichever fits your HTTP client best.

Credentials in request body (client_secret_post)

Include your credentials directly in the request body:

curl --request POST https://<your-idnow-auth-server>/oidc/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials' \
  --data 'client_id=<your-client-id>' \
  --data 'client_secret=<your-client-secret>'

Credentials in Authorization header (client_secret_basic)

Encode your credentials as Base64(client_id:client_secret) and pass them in the Authorization header:

curl --request POST https://<your-idnow-auth-server>/oidc/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Authorization: Basic <base64(client_id:client_secret)>' \
  --data 'grant_type=client_credentials'

Response

If successful, you will receive an access token:

{
  "access_token": "eyJh...QifQ.eyJ...hIOw",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Note: The default access token lifetime is typically 86400 seconds (24 hour). Cache tokens appropriately to avoid unnecessary requests.

Make an API request

Now that you have a valid access token, you can make requests to IDnow APIs. Include the access token in the Authorization header using the Bearer scheme:

GET /api/v1/<endpoint> HTTP/1.1
Host: <your-idnow-api-host>
Accept: application/json
Authorization: Bearer eyJh...QifQ.eyJ...hIOw

Example request

curl --request GET https://<your-idnow-api-host>/api/v1/flows/{flowId}/{environment}/sessions \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer eyJh...QifQ.eyJ...hIOw'