Getting an access token

A prerequisite to interacting with the NanoTrust API is to have registered a valid account (either as a developer, or by subscribing to a paid or free plan) on the NanoTrust platform.

NanoTrust uses an OAuth2 provider compatible with OpenID Connect to manage specific authentication and authorization flows. Two pieces of information are needed to get an access token from our OAuth2 provider:

  • NANOTRUST_APP_KEY: a client-specific key identifying the application used to interact with the NanoTrust APIs
  • NANOTRUST_APP_SECRET: a secret corresponding to the application key

Currently only the NanoTrust team can generate and give you those keys. Please contact us if you need them.

The authentication domain used to retrieve an access token is
HTTPS is mandatory at all times.

Following the OAuth2 specification, a valid access token is retrieved by querying the token endpoint:


To perform this call successfully:

  • an authorization header should be present which MUST be of the form: Basic {Base64-encoded version of 'NANOTRUST_APP_KEY:NANOTRUST_APP_SECRET'}.
  • a grant_type parameter should be present in the form-encoded request body, which MUST be client_credentials.

HTTP request examples

Given:



curl    --location '' \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --header 'Accept: application/json' \
        --header 'Authorization: Basic YOUR_BASE64_ENCODED' \
        --data-urlencode 'grant_type=client_credentials'


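require "uri"
require "net/http"

url = URI("")

# Open a TLS connection to the token endpoint (HTTPS is mandatory)
https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true

# The token endpoint is queried with a form-encoded POST
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Accept"] = "application/json"
request["Authorization"] = "Basic YOUR_BASE64_ENCODED"
# grant_type must be client_credentials, as stated above
request.body = "grant_type=client_credentials"

response = https.request(request)
puts response.read_body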

HTTP answer

    {
        "access_token": "eyJhbGciOiJIUzUx",
        "token_type": "Bearer",
        "expires_in": 21600,
        "refresh_token": "7YPYix_aXXFtEgualnDFW2BdkNw",
        "scope": "openid public profile email",
        "created_at": 1678458232,
        "id_token": "eyJ0eXAiOiJKV1QBNUIyQTNGeElyRm0wV3NVTGsifQ"
    }

You can then send this access_token in the Authorization header with every call, as such: { 'Authorization' => 'Bearer {access_token}' }.
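
As an added example (not NanoTrust's own code), the Ruby below builds the token request described above without sending it, and turns a token response into a Bearer header with an expiry check. The endpoint URL, key and secret are constructed placeholders, and the helper names are hypothetical.

```ruby
require "base64"
require "json"
require "net/http"
require "uri"

# Build the client_credentials token request without sending it.
# token_url is a caller-supplied placeholder, not the real NanoTrust endpoint.
def build_token_request(token_url, app_key, app_secret)
  url = URI(token_url)
  raise ArgumentError, "token endpoint must use HTTPS" unless url.is_a?(URI::HTTPS)

  request = Net::HTTP::Post.new(url)
  # strict_encode64 emits no line breaks; Base64.encode64 inserts "\n"
  # every 60 characters, which breaks the header for long secrets.
  request["Authorization"] = "Basic " + Base64.strict_encode64("#{app_key}:#{app_secret}")
  request["Accept"] = "application/json"
  # Sets the body and Content-Type: application/x-www-form-urlencoded
  request.set_form_data("grant_type" => "client_credentials")
  request
end

# Parse the JSON token response and compute its absolute expiry time.
def parse_token_response(json_body)
  data = JSON.parse(json_body)
  unless data["token_type"].to_s.casecmp?("bearer") && !data["access_token"].to_s.empty?
    raise ArgumentError, "unexpected token response"
  end
  issued = data["created_at"] ? Time.at(data["created_at"]) : Time.now
  { token: data["access_token"], expires_at: issued + data.fetch("expires_in") }
end

# Header to attach to every API call; refuses to reuse an expired token.
def bearer_header(token, now: Time.now)
  raise "access token expired, request a new one" if now >= token[:expires_at]
  { "Authorization" => "Bearer #{token[:token]}" }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, for illustration only.
  req = build_token_request("https://auth.example.invalid/token", "demo-key", "demo-secret")
  puts req.body
  sample = '{"access_token":"eyJhbGciOiJIUzUx","token_type":"Bearer",' \
           '"expires_in":21600,"created_at":1678458232}'
  tok = parse_token_response(sample)
  puts tok[:expires_at].utc
  puts bearer_header(tok, now: Time.at(1678458300))
end
```

Read the key and secret from the environment or a secret store rather than hard-coding them, and keep the Authorization header out of logs.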