Authentication


To call the Contit API, every request must be authenticated using one of the following mechanisms:

  1. OAuth2 access token (Bearer token)
  2. API key sent in the x-api-key header

Option 1 – OAuth2 access token (Client Credentials Flow)

The authorization server issues access tokens using the OAuth2 Client Credentials flow.

The token endpoint is https://id.contit.cloud/connect/token

The client_id and client_secret are generated by the management panel at https://app.contit.cloud in the Client API section.

The issued access token is valid for one hour. Once it has expired, you must obtain a new access token as described above.

Example request for access token:

curl -X POST -d "client_id=id&client_secret=secret&grant_type=client_credentials" https://id.contit.cloud/connect/token

Example of response with the access token:

{
  "access_token": "b4dc1410-6b15-4a7c-bd22-1abea1f0fa3a",
  "token_type": "bearer",
  "expires_in": 3600
}

Example API request using a Bearer token:

curl -X GET "https://api.contit.cloud/" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
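
Because the access token is valid for one hour, a client should reuse it and request a new one only shortly before it expires. The following is an added example, not code from Contit: `TokenCache`, the 60-second `skew` margin, and the environment variable names in the usage comment are assumptions, while the endpoint and form fields are the ones shown above.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.contit.cloud/connect/token"  # token endpoint from the page


def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """POST the same form fields as the curl example; return the parsed JSON."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuse one token until shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch      # callable returning the token response dict
        self._skew = skew        # assumed safety margin, in seconds
        self._clock = clock      # monotonic clock, unaffected by wall-clock changes
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            resp = self._fetch()
            # Validate before trusting; keep the response out of error text and logs.
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            self._expires_at = now + max(0, int(resp["expires_in"]) - self._skew)
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

# Usage (environment variable names are assumptions; needs "import os"):
#   cache = TokenCache(lambda: fetch_token(os.environ["CONTIT_CLIENT_ID"],
#                                          os.environ["CONTIT_CLIENT_SECRET"]))
#   headers = cache.auth_header()
```

Reading the client secret from the environment or a secret store keeps it out of source files and shell history.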

Option 2 – API key (x-api-key header)

As an alternative to OAuth2, the Contit API also supports authentication via an API key.

The API key is generated from the management panel at https://app.contit.cloud in the API key configuration section.
Each client application should use its own API key. If an API key is revoked, all requests using that key will be rejected.

Example API request using x-api-key:

curl -X GET "https://api.contit.cloud/" \
  -H "x-api-key: YOUR_API_KEY"