Authentication
Overview
Vyro's APIs use standard OAuth 2.0 for authentication. Clients must authenticate using their client_id and client_secret to obtain an access token. The access token is required for all subsequent API requests and has a validity period of one hour.
Domains
Vyro provides authentication services across two primary domains:
https://authentication-api.vyro.com.au– This domain is used for API authentication in the Asia-Pacific region.https://authentication-api.vyro-eu.com– This domain is used for API authentication in the European region.
Clients should select the appropriate domain based on their geographic location to ensure optimal performance and compliance with data residency requirements.
Authentication Endpoint
URL
POST /api-client/authenticate
Request Headers
| Header | Value | Required | Description |
|---|---|---|---|
| Content-Type | application/json | Yes | The request body must be JSON. |
Request Body
The request body must contain the client_id and client_secret provided by Vyro.
Example Request
{
"client_id": "your-client-id",
"client_secret": "your-client-secret"
}
Response
If authentication is successful, the response will contain an access_token, which must be included in the Authorization header for subsequent API requests.
Example Response
{
"access_token": "your-access-token"
}
Response Fields
| Field | Type | Description |
|---|---|---|
| access_token | string | The token to use for authenticated requests. |
Error Responses
| HTTP Status Code | Error Message | Description |
|---|---|---|
| 400 Bad Request | invalid_request | Missing or invalid parameters in the request. |
| 401 Unauthorized | invalid_client | Invalid client_id or client_secret. |
| 500 Internal Server Error | server_error | An error occurred on the server side. |
Using the Access Token
Once an access token is obtained, it must be included in the Authorization header for all API requests.
Example Authenticated Request
GET https://api.vyro.com.au/resource
Headers:
Authorization: Bearer your-access-token
