Help CenterSecurityAuthentication
Back to Security

Authentication

Last updated January 30, 2026

Overview

Vyro's APIs use standard OAuth 2.0 for authentication. Clients must authenticate using their client_id and client_secret to obtain an access token. The access token is required for all subsequent API requests and has a validity period of one hour.

Domains

Vyro provides authentication services across two primary domains:

  • https://authentication-api.vyro.com.au – This domain is used for API authentication in the Asia-Pacific region.
  • https://authentication-api.vyro-eu.com – This domain is used for API authentication in the European region.

Clients should select the appropriate domain based on their geographic location to ensure optimal performance and compliance with data residency requirements.

Authentication Endpoint

URL

POST /api-client/authenticate

Request Headers

Header Value Required Description
Content-Type application/json Yes The request body must be JSON.

Request Body

The request body must contain the client_id and client_secret provided by Vyro.

Example Request

{
  "client_id": "your-client-id",
  "client_secret": "your-client-secret"
}

Response

If authentication is successful, the response will contain an access_token, which must be included in the Authorization header for subsequent API requests.

Example Response

{
  "access_token": "your-access-token"
}

Response Fields

Field Type Description
access_token string The token to use for authenticated requests.

Error Responses

HTTP Status Code Error Message Description
400 Bad Request invalid_request Missing or invalid parameters in the request.
401 Unauthorized invalid_client Invalid client_id or client_secret.
500 Internal Server Error server_error An error occurred on the server side.

Using the Access Token

Once an access token is obtained, it must be included in the Authorization header for all API requests.

Example Authenticated Request

GET https://api.vyro.com.au/resource

Headers:
Authorization: Bearer your-access-token
Was this article helpful?