The Skill Engine API uses OAuth2 for authentication. You’ll receive a client_id, client_secret, audience and tenant from TechWolf to request an Authorization token with grant_type client_credentials at:

  • For EU tenants: https://techwolf.eu.auth0.com/oauth/token
  • For US tenants: https://techwolf-us.us.auth0.com/oauth/token

Authorization tokens are limited and requesting a new token requires an HTTP request to the token endpoint, slowing down requests. So if you’re not using a standard OAuth2 client, make sure to cache this token and reuse it until it expires. The expiry is returned by Auth0 (and also encoded in the token). More information about OAuth2 can be found here.

An example request to the token endpoint for EU tenants is as follows:

curl -X POST 'https://techwolf.eu.auth0.com/oauth/token' \
-H 'Accept: application/json'  \
-H 'Content-Type: application/json' \
-d '{"client_id": "abcd12317icwFq2x3f4v4BZlQ2sB5q2i2E",
    "client_secret": "abcd1234JViv17icwFq2x3f4v4BZlQ2sB5q2i2E",
    "audience": "eu3.techwolf.ai",
    "grant_type": "client_credentials",
    "tenant": "company_xyz"}'

The response contains the following attributes:

  • access_token: the token that is to be used in the Authorization header of subsequent API calls
  • expires_in: lifetime of the token
  • scope: access permissions of the token
  • token_type: default Bearer

An example response can be found below:

{
    "access_token": "eyJhbGciOiJSUzI0I0seiEw",
    "expires_in": 10800,
    "scope": "read write"
    "token_type": "Bearer"
}

Scopes

A list of the supported scopes can be found below:

  • read: Grants read access
  • write: Grants write access
  • read_reports: Grants read access to reports (only aggregated info)

You can determine which scopes should be included in your access token by specifying them in the token request. If you don’t specificy the scopes, you will receive a token with all possible scopes for your tenant.

An example request to the token endpoint for EU tenants is as follows:

curl -X POST 'https://techwolf.eu.auth0.com/oauth/token' \
-H 'Accept: application/json'  \
-H 'Content-Type: application/json' \
-d '{"client_id": "abcd12317icwFq2x3f4v4BZlQ2sB5q2i2E",
    "client_secret": "abcd1234JViv17icwFq2x3f4v4BZlQ2sB5q2i2E",
    "audience": "eu3.techwolf.ai",
    "grant_type": "client_credentials",
    "tenant": "company_xyz",
    "scopes": ["read", "read_reports"]}'

Using the token

The token needs to be added in the Authorization header of the subsequent API calls, in the following format Authorization: Bearer {access_token}. To verify if your token works, you can retrieve the version of your tenant via the /version endpoint:

curl -X GET '[server-url]/version' \
    -H 'Accept: application/json'  \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI0I0seiEw'

Want to Know More? More information about the authentication process with OAuth2 can be found on the Auth0 website .

Was this page helpful?