Authentication
Efimis APIs use OAuth 2.0 for secure authentication and authorization. Applications must use the OAuth 2.0 client credentials flow to access APIs.
Client credentials flow (machine-to-machine)
Use this flow for backend services or applications without user interaction.
Request an access token
curl -X POST "https://id.efimis.com/27833600-9a90-49d8-a577-590a7f0072ca/b2c_1a_idp_aad_multi/oauth2/v2.0/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id={YOUR_CLIENT_ID}" \
  -d "client_secret={YOUR_CLIENT_SECRET}" \
  -d "scope=https://id.efimis.com/efimis-api/.default"
Response
{
  "access_token": "eyJhbGciOiJIUzI1...",
  "token_type": "Bearer",
  "not_before": 1749554835,
  "expires_in": 43200,
  "expires_on": 1749598035,
  "resource": "[RESOURCE ID]"
}
Authorization code flow (user authentication)
Use this flow when a user needs to authenticate and grant access to their data.
Making authenticated requests
Include the access_token in the Authorization header for all API requests.
GET /v1/resources HTTP/1.1
Host: api.au|uk.efimis.com/[tenant]
Authorization: Bearer OAUTH_ACCESS_TOKEN
Security best practices
- Store credentials securely.
- Use HTTPS.
- Implement least privilege.
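The following is an added example, not Efimis's own code: a small Python client for the client credentials flow above that reads the credentials from environment variables, refuses a non-HTTPS token endpoint, and reuses the token until shortly before `expires_on`. The environment variable names, the `TokenClient` class and the 60-second renewal margin are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Token endpoint and scope as given on this page.
TOKEN_URL = ("https://id.efimis.com/27833600-9a90-49d8-a577-590a7f0072ca/"
             "b2c_1a_idp_aad_multi/oauth2/v2.0/token")
SCOPE = "https://id.efimis.com/efimis-api/.default"

def http_post_form(url, fields):
    """Default transport: POST form fields over TLS, return the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenClient:
    """Caches the client-credentials token and renews it shortly before expiry."""

    def __init__(self, client_id, client_secret, token_url=TOKEN_URL,
                 post=http_post_form, clock=time.time, skew=60):
        if not token_url.lower().startswith("https://"):
            raise ValueError("token endpoint must use HTTPS")
        self._fields = {"grant_type": "client_credentials", "client_id": client_id,
                        "client_secret": client_secret, "scope": SCOPE}
        self._url, self._post, self._clock, self._skew = token_url, post, clock, skew
        self._token, self._expires_on = None, 0

    @classmethod
    def from_env(cls, env=os.environ, **kwargs):
        # Assumed variable names; keeps the secret out of source code and argv.
        return cls(env["EFIMIS_CLIENT_ID"], env["EFIMIS_CLIENT_SECRET"], **kwargs)

    def auth_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires_on - self._skew:
            data = self._post(self._url, self._fields)
            if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
                raise RuntimeError("unexpected token response")  # do not log the body
            self._token = data["access_token"]
            # Prefer the absolute expires_on; fall back to now + expires_in.
            self._expires_on = int(data.get("expires_on") or now + int(data["expires_in"]))
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return "TokenClient(client_id=%r, client_secret=<redacted>)" % self._fields["client_id"]
```

Pass the dictionary returned by `auth_header()` as the request headers on each API call; the `post` and `clock` parameters exist so the client can be exercised without network access.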
For sandbox access and developer keys, contact connections@efimis.com.