Skip to main content
Every API request needs a Bearer access token in the Authorization header.

Get a token

Submit your clientId and clientSecret to Keycloak with the client_credentials grant.
You receive:
The token is valid for 5 minutes (expires_in: 300). There is no refresh token (refresh_expires_in: 0); when the token expires, request a new one with the same call.

Use the token

Include it in every API request: