Server-side web applications - Authorization Code Grant

In order to access the Aventus Platform API from a server-side application, you'll request a token from our auth endpoint and then exchange that for a session token to access the API.

🚧

This authorization flow should only be used in scenarios where the client secret can be securely stored on the server side. Single Page Applications should not use this authorization flow as the client secret cannot be securely stored.

1. Get Authentication token from Auth0 (Client Credentials grant) - this will return an access token

The client_id & client_secret in the request body are your credentials to access our api. These will be shared when we setup your application on the platform

POST https://aventus-platform-auth-stella.eu.auth0.com/oauth/token
{
    "client_id": "your client id",
    "client_secret": "your secret",
    "audience": "opus-prod-api",
    "grant_type": "client_credentials"
}

Swap the Auth0 access token for an Aventus Token (gives specific access to Stella APIs).

GET https://stella-test.au.aventus.cloud/opus/session/start
header authorization: Bearer {{Auth0 Token}}