Authentication

To access All.id resources using REST API, you will first need a JWT token. This is a token that Caf provides for authorization and is used by the client when making each API call.

A token is a secret that only the client knows. Like basic authentication, token-based authentication is only considered secure if used together with other security mechanisms such as HTTPS/SSL.

It is possible to define which scopes the tokens will have access and which actions it can execute in that scope. Use some token that do not have the required permissions to access a resource will end up in a 403 "Forbidden" response, so you must be careful when set your token's permission by verifying which permissions are mandatory for each available resource.

You can create as many tokens as you need, so we recommend setting the minimum permissions necessary for each token.

Account users with appropriate permissions will be able to create tokens on the Trust Platform by following the below steps:

Getting your access token

Never share your API credentials with anyone, even Caf Support

Example request headers

{
    "Authorization": "Bearer $CAF_TOKEN"
}

All calls to the API are authenticated and must have the token next to Bearer prefix in the Authorization header of the request. Calls with a missing or invalid access token will return code 401 "Unauthorized".

Last updated 4 months ago