Skip to main content

Overview

All API endpoints require authentication using an access token provided as a Bearer token in the Authorization header.

Obtaining an Access Token

Submit your clientId and clientSecret to the IAM endpoint using a POST request with client_credentials grant type. 
curl -X POST "https://test.didxtech.com/iam/realms/product-hub/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret"

Response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsI...",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "email profile"
}
Access tokens expire after 300 seconds (5 minutes). Your application should request a new token when the current one expires.

Using the Access Token

Include the token in the Authorization header for all subsequent API requests: 
-H "Authorization: Bearer <access_token>"

Token Lifecycle

FieldValueDescription
expires_in300Token validity in seconds (5 minutes)
refresh_expires_in0No refresh token support; request a new token when expired
token_typeBearerUse as a Bearer token in the Authorization header