Authentication
This document describes the supported authentication methods for accessing our API services. We currently support the following authentication mechanisms:
- API Key (via Header)
- OAuth 2.0 Client Credentials
- Bearer Token (Deprecated)
1. API Key
The API Key should be passed in the request headers as follows:
Usage:
X-API-KEY: <your_api_key>
Obtaining API Key:
To obtain your API Key, navigate to:
App > Configuration > API KEY
Example Usage (cURL):
curl -H "X-API-KEY: <your_api_key>" <api_url>
2. OAuth 2.0 Client Credentials
Use the OAuth 2.0 Client Credentials grant type to obtain an access token.
Token Endpoint:
POST https://account.piyovi.io/connect/token
Example Usage (cURL):
curl -X POST https://account.piyovi.io/connect/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=<your_client_id>&client_secret=<your_client_secret>&scope=<optional_scope>"
Using OAuth Token:
Include the received access token in the header of subsequent API requests:
curl -H "Authorization: Bearer <your_access_token>" <api_url>
3. Bearer Token (Deprecated)
Note: This authentication method is deprecated and will be discontinued in future releases. We recommend migrating to API Key or OAuth 2.0 authentication.
Token Endpoint:
POST https://api.piyovi.io/v1/authorize/token
Example Usage (cURL):
curl -X POST https://api.piyovi.io/v1/authorize/token
Include the bearer token in the Authorization header:
Authorization: Bearer <your_token>
Security Recommendations:
- Keep your API keys and client credentials secure.
- Regularly rotate your API keys and OAuth client secrets.
- Avoid using deprecated authentication methods in production.
For any assistance or queries regarding authentication, contact support at support@cloudleap.com.