This guide shows how to authenticate with the Corti API using OAuth 2.0 client credentials.
Create an account and API client
-
Open the Corti API Console.
-
Sign in or create an account.
-
Create a project.
-
Create an API client within that project.
-
Keep the following values:
client_idclient_secrettenant-nameenvironment (eu or us)
These values are required for OAuth and WebSocket setup. Learn more here.
Get an OAuth access token
OAuth 2.0 client-credentials
Token URL:
https://auth.{environment}.corti.app/realms/{tenant-name}/protocol/openid-connect/token
grant_type=client_credentials
scope=openid
client_id=<your client id>
client_secret=<your client secret>
Code Sample
import fetch from "node-fetch";
const CLIENT_ID = "<your client id>";
const CLIENT_SECRET = "<your client secret>";
const ENV = "<eu-or-us>";
const TENANT = "<your tenant>";
export async function getAccessToken() {
const url = `https://auth.${ENV}.corti.app/realms/${TENANT}/protocol/openid-connect/token`;
const res = await fetch(url, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
client_id: CLIENT_ID,
client_secret: CLIENT_SECRET,
grant_type: "client_credentials",
scope: "openid",
}),
});
if (!res.ok) throw new Error(`Token error: ${res.status}`);
const json = await res.json();
return json.access_token;
}
Tokens expire after 300 seconds, refresh as needed.
Learn More About OAuth
See details on different type of OAuth workflows and when to use them here 
