Overview

This guide explains how to authenticate with our API using OpenID Connect (OIDC) with the client credentials flow. This authentication method is designed for server-to-server communication where your application needs to access API resources on its own behalf.

Prerequisites

Before you begin, ensure you have:
  • Your Client ID and Client Secret, which you can create at https://app.engrate.io
  • The authorization server’s token endpoint URL, which is https://login.engrate.io/oauth/v2/oauth-token

Introduction to OAuth 2.0/OIDC

The client credentials flow is an OAuth 2.0/OIDC flow that involves these steps:
  1. Your application sends a POST request to the token endpoint with your Client ID and Client Secret
  2. The authorization server validates your credentials
  3. If valid, the server returns an access token
  4. Your application uses this access token to authenticate API requests by passing it in a header: Authorization: Bearer <token>
See https://openid.net/developers/how-connect-works/ for more details.

Client Libraries

All major languages have client libraries that simplify the OAuth 2.0/OIDC flow. Below are some suggestions.

Examples

Getting an access token

# --data-urlencode escapes characters such as & or + in the credentials
curl -X POST "https://login.engrate.io/oauth/v2/oauth-token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    --data-urlencode "client_id=$CLIENT_ID" \
    --data-urlencode "client_secret=$CLIENT_SECRET"

Using the access token

curl -X GET "https://api.engrate.io/v1/power-tariffs/SE/lat/57.727011/lon/14.155703" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json"
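
The same flow in Python, reusing one access token until shortly before it expires instead of requesting a new one per API call. This is an added example, not Engrate's own code: TokenCache, build_token_request and http_fetch are hypothetical names, and it assumes the token response carries the standard OAuth 2.0 fields access_token, token_type and expires_in.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.engrate.io/oauth/v2/oauth-token"  # from this guide


def build_token_request(client_id, client_secret):
    """Step 1: form-encoded POST; urlencode escapes &, + and = in the secret."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def http_fetch(request):
    """Send the request over HTTPS and decode the JSON token response."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuses one token until shortly before it expires."""

    def __init__(self, client_id, client_secret, fetch=http_fetch,
                 clock=time.monotonic, skew=30):
        self._id, self._secret = client_id, client_secret
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the Authorization header (step 4), fetching a token if needed."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._fetch(build_token_request(self._id, self._secret))
            # Assumption: standard OAuth 2.0 response fields (access_token,
            # token_type, expires_in). The reply is never put in the error
            # message, because it may contain the token.
            if (str(reply.get("token_type", "")).lower() != "bearer"
                    or not reply.get("access_token")):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            # Missing expires_in means the token is fetched again next call.
            lifetime = float(reply.get("expires_in", 0))
            self._expires_at = self._clock() + max(0.0, lifetime - self._skew)
        return {"Authorization": f"Bearer {self._token}"}
```

Pass the returned dictionary as the request headers when calling the API. Load the Client ID and Client Secret from the environment or a secret store rather than from source code.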