Getting Started - API key | NanoTrust for Developers

Getting an access token

A prerequisit to interacting with the NanoTrust API is to have registered a valid account (either as a developper, or by subscribing to a paid or free plan) on the NanoTrust plateforme

NanoTrust uses an Oauth2 provider compatible with OpenID Connect to manage specific authentication and authorization flows. Two pieces of information are needed to get an access token from our OAuth 2 provider:

NANOTRUST_APP_KEY: a client specific key identifying the application used to interact with the NanoTrust APIs
NANOTRUST_APP_SECRET: a secret corresponding to the application key

Currently only the NanoTrust team can generate and give you those keys. Please contact us if you need them. Ask for authentication keys

The authentication domain used to retreive an access token is auth.nanotrust.io.
HTTPS is a mandatory protocol to use at all time.

Following the OAuth2 specification, retreiving a valid access token is done querying the token endpoint:

POST https://auth.nanotrust.io/oauth/token

To perform this call successfully:

an authorization header should be present which MUST be of the form: Basic {Base64-encoded version of 'NANOTRUST_APP_KEY:NANOTRUST_APP_SECRET'}.
an grant_type header should be present which MUST be client_credentials.

Http request examples

Given :

NANOTRUST_APP_KEY: s6BhdRkqt3
NANOTRUST_APP_SECRET: gX1fBat3bV

Curl

curl    --location 'https://auth.nanotrust.io/oauth/token' \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --header 'Accept: application/json' \
        --header 'Authorization: Basic YOUR_BASE64_ENCODED' \
        --data-urlencode 'grant_type=client_credentials' \

Ruby

require "uri"
require "net/http"

url = URI("https://auth.nanotrust.io/oauth/token")

https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Accept"] = "application/json"
request["Authorization"] = "Basic YOUR_BASE64_ENCODED"
request.body = "grant_type=password&username=YOUR_EMAIL&password=YOUR_PASSWORD"

response = https.request(request)
puts response.read_body

Http answer

{
    "access_token": "eyJhbGciOiJIUzUx",
    "token_type": "Bearer",
    "expires_in": 21600,
    "refresh_token": "7YPYix_aXXFtEgualnDFW2BdkNw",
    "scope": "openid public profile email",
    "created_at": 1678458232,
    "id_token": "eyJ0eXAiOiJKV1QBNUIyQTNGeElyRm0wV3NVTGsifQ"
}

You can add an this access_token in Authorization header as such { ‘Authorization’ => ‘Bearer {access_token}’} with every call.