Authentication

The ECO Portal API uses the OAuth2 client_credentials flow for authentication. This is the standard flow for machine-to-machine (M2M) communication, where your application authenticates directly with the identity provider to obtain an access token.

Obtaining Credentials

To interact with the API, you need a client_id and a client_secret. These credentials identify your application and allow it to request access tokens.

Currently, credentials are managed manually. To obtain your client_id and client_secret, please contact our technical team at it@eco-platform.org.

Once you have your credentials, ensure they are stored securely (e.g., using environment variables or a secret manager) and never committed to version control.

Authentication Flow

To obtain an access token, you must send a POST request to our authentication server.

  • URL: https://auth.eco-platform.org/oauth/token
  • Method: POST
  • Headers:
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: client_credentials
    • client_id: YOUR_CLIENT_ID
    • client_secret: YOUR_CLIENT_SECRET
    • audience: https://portal.eco-platform.org
    • scope: create:token

The response will contain an access_token and its expiration time (expires_in).

You should include this token in the Authorization header of your API requests:

Authorization: Bearer <access_token>
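The flow above as an added example (not the ECO Portal project's own code): a small client that requests the token, reuses it until shortly before expires_in elapses, and builds the Authorization header. The environment variable names ECO_CLIENT_ID and ECO_CLIENT_SECRET, the 60-second renewal margin, and the class and function names are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.eco-platform.org/oauth/token"
AUDIENCE = "https://portal.eco-platform.org"


def http_post_form(url, form):
    """Default transport: POST the form as application/x-www-form-urlencoded."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class TokenProvider:
    """Caches the access token and renews it shortly before expires_in elapses."""

    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=60):  # skew (seconds) is an assumed margin
        self._form = {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "audience": AUDIENCE,
            "scope": "create:token",
        }
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._renew_at = None, 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._renew_at:
            body = self._post(TOKEN_URL, self._form)
            # Fail closed on a malformed response instead of sending "Bearer None".
            if not body.get("access_token") or "expires_in" not in body:
                raise RuntimeError("token response missing access_token/expires_in")
            self._token = body["access_token"]
            self._renew_at = self._clock() + max(0, int(body["expires_in"]) - self._skew)
        return {"Authorization": f"Bearer {self._token}"}


def provider_from_env():
    # Assumed variable names; a missing variable raises KeyError rather than sending blanks.
    return TokenProvider(os.environ["ECO_CLIENT_ID"], os.environ["ECO_CLIENT_SECRET"])
```

Pass the result of auth_header() as the headers of each API request. Caching the token this way avoids sending the client_secret over the wire on every call.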

Code Snippets