Skip to main content

Authentication

To use IDUnico you must authenticate using the access token obtained through the OAuth2 authentication system.

Unico's OAuth2 authentication system supports server-to-server interaction between a web application and Unico services. For this scenario, you need a service account, which is an impersonal account that belongs to your application and not to an individual user. Administrators can request that a service account be authorized to access data from a user account. For more details on how an application can complete the OAuth2 server-to-server authentication process through the HTTP protocol, see Authentication

Steps to make a request to the authentication server to obtain a valid Access Token:

Request a service account

You need to request the creation of a service account from the project manager responsible for your account. After creating the account, an e-mail is sent containing the data required for authentication:

  • Account name;
  • Your company identifier (Tenant ID);
  • Key ID;

This information is used to generate the JWT.

Generate a JWT (JSON Web Token)

To obtain a valid Access Token, you must send a JWT in the request to the authentication server. This JWT is made up of three coded blocks (header, payload and signature), separated by the . (period) character. For more information, see Creating the JWT.

Make a request to obtain the access token

After generating the signed JWT, make a request to the authentication platform. For more information, see Requesting an access token

Use the access token to call the APIs

With a valid access token, simply call the APIs using this token in the header of your requests, in the Authorization parameter.

Any concerns?

Missing something or still need help? If you are already a customer or partner, you can contact us through the Help Center.