Core (Authz)

Introduction

OAuth 2.0 Authorization Server

The Authentication API is a full-featured OAuth 2.0 server implementation that specializes in secure machine-to-machine (M2M) authentication using the client credentials flow over the back channel. This flow is optimized for server-side applications that need to securely communicate with APIs without user interaction.

Key Capabilities

As a complete OAuth 2.0 authorization server, the API provides:
  • Token Endpoint /core/oauth2/token
    Issues access tokens to clients using the client credentials grant type, supporting secure back-channel communication
  • Token Introspection /core/oauth2/introspect
    Validates tokens and returns metadata about their scope and validity
  • Client Management
    Comprehensive endpoints for creating, retrieving, updating, and deleting OAuth client applications with configurable scopes and credentials
  • Basic Authentication
    Alternative authentication method for simpler integration scenarios
  • Standard Discovery
    OpenID Connect discovery endpoints for automated configuration

Getting Started

To use the Authentication API, you'll need valid client credentials (client ID and client secret). To get your credentials, please send an email to hello@neobits.no with details about your integration needs.

For OAuth 2.0 authentication, your server application should:
  1. Request an access token via the back channel using the /core/oauth2/token endpoint with your client credentials
  2. Use that token in the Authorization header for subsequent API requests
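
The two steps above as an added example (not code from the Authentication API's own documentation): it builds the client credentials request, caches the token, and renews it shortly before expiry. The host, the `read` scope, the names `build_token_request` and `TokenSource`, client authentication via HTTP Basic at the token endpoint, and a standard RFC 6749 JSON response (`access_token`, `token_type`, `expires_in`) are assumptions.

```python
import base64, json, time, urllib.parse, urllib.request

# Placeholder host (assumption); only the path comes from the page.
TOKEN_URL = "https://auth.example.invalid/core/oauth2/token"

def build_token_request(client_id, client_secret, scope=None):
    """Step 1: client credentials grant request (RFC 6749 section 4.4.2)."""
    if not TOKEN_URL.startswith("https://"):
        raise ValueError("refusing to send the client secret without TLS")
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    # Assumption: HTTP Basic client auth. RFC 6749 section 2.3.1 form-encodes
    # the id and secret before Base64, so ':' or '+' in a secret survive.
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(TOKEN_URL, body, headers, method="POST")

class TokenSource:
    """Caches the access token and renews it `skew` seconds before expiry."""
    def __init__(self, client_id, client_secret, scope=None, send=None, clock=time.time):
        self._creds = (client_id, client_secret, scope)
        self._send = send or self._http_send   # injectable for offline tests
        self._clock = clock
        self._token, self._expires_at = None, 0.0

    @staticmethod
    def _http_send(req):
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def token(self, skew=30):
        if self._token is None or self._clock() >= self._expires_at - skew:
            body = self._send(build_token_request(*self._creds))
            if str(body.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = body["access_token"]
            # A missing expires_in is treated as 0, so the next call refetches.
            self._expires_at = self._clock() + int(body.get("expires_in", 0))
        return self._token

    def auth_header(self):
        """Step 2: header to attach to subsequent API requests."""
        return {"Authorization": "Bearer " + self.token()}
```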