Authentication

The Aventus Platform uses OAuth 2.0 to authenticate and authorise requests to our API. OAuth 2.0 allows users to grant 3rd party applications full or partial access to their account without sharing their login credentials.

Access Tokens

To use the API, your application must send an OAuth 2.0 access token in an Authorization header with each request.
Authorization: Bearer ACCESS_TOKEN

Scopes

During the authorization flow, you'll need to include a list of requested scopes (permissions). When users authenticate they will be asked to grant permission to your application's requested scopes.

OAuth 2.0 flows

There are three OAuth 2.0 flows depending on the type of your application

Implicit GrantUsed by client applications, where you are making API calls from a client
Authorization Code Grant (PKCE)Used by native mobile applications
Authorization Code GrantUsed by server applications, where you are making API calls from the server

Follow this diagram to identify the authorization flow for your application.

800