
Authenticating to Corti's API

Guide for API Authentication

Updated yesterday

To securely interact with Corti’s API, you must authenticate your requests using an OAuth 2.0 access token. This article explains how to authenticate, format your request, obtain your access token, and handle token expiration.


Authentication Method

Corti’s API uses OAuth 2.0 Client Credentials Grant for authentication.
You’ll need:

  • Your Client ID

  • Your Client Secret

  • Your Environment ID

  • Your Tenant Name

These credentials can be generated in the Corti Console. You’ll use them to request an access token, which must be included in all API calls.


Formatting Your Request

To request an access token, send a POST request to:

https://auth.{environment-id}.corti.app/realms/{tenant-name}/protocol/openid-connect/token

Use the following request header:

| Parameter | Value |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

Include the following form parameters in the request body:

| Parameter | Value |
| --- | --- |
| grant_type | client_credentials |
| client_id | your client ID |
| client_secret | your client secret |


Receiving Your Access Token

If the request is valid, you’ll receive the following response, which includes your access_token. You can use this token in the Authorization header of your API calls.

{"access_token":"ey...","expires_in":300,"refresh_expires_in":0,"token_type":"Bearer","id_token":"e...","not-before-policy":0,"scope":"openid email profile"}

The access_token is valid for 5 minutes (300 seconds). Before making API calls, ensure your token is still valid.
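One way to keep a valid token on hand, shown as an added example that is not part of Corti's own sample code: the sample response above contains no refresh_token, so the cache below requests a fresh token through the client credentials grant shortly before expires_in runs out. The TokenCache class, its 30-second margin and the fetch_token callable (which performs the POST described above and returns the parsed JSON) are assumptions made for this illustration.

```python
import threading
import time


class TokenCache:
    """Reuse one access token until shortly before it expires, then request a new one."""

    def __init__(self, fetch_token, skew=30, clock=time.monotonic):
        # fetch_token (assumed helper): performs the POST described above and
        # returns the parsed JSON body as a dict.
        self._fetch = fetch_token
        self._skew = skew            # seconds of safety margin before expiry
        self._clock = clock          # injectable so the logic can be tested offline
        self._lock = threading.Lock()
        self._token = None
        self._renew_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._renew_at:
                self._renew()
            return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}

    def invalidate(self):
        """Drop the cached token, e.g. after an API call is rejected with 401."""
        with self._lock:
            self._token = None

    def _renew(self):
        sent_at = self._clock()      # measure lifetime from before the request
        body = self._fetch()
        token = body.get("access_token")
        if not token or str(body.get("token_type", "")).lower() != "bearer":
            raise ValueError("token response missing access_token or not a Bearer token")
        lifetime = int(body["expires_in"])
        self._renew_at = sent_at + max(lifetime - self._skew, 0)
        self._token = token


if __name__ == "__main__":
    # Constructed response with the same fields as the sample above; no network call.
    sample = {"access_token": "example-token", "expires_in": 300, "token_type": "Bearer"}
    cache = TokenCache(lambda: sample)
    print(sorted(cache.auth_header()))   # header names only; never log the token itself
```

Pass a function such as the Python example's request (returning r.json() instead of only the token) as fetch_token, and call auth_header() before each API request.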


Video Walkthrough and Example Code


JavaScript Example Code

This requires that you have Node.js installed. Here is a link to download Node.js.

// Run as an ES module (for example a .mjs file) on Node.js 18 or later,
// where fetch is available as a global.

// Insert your credentials below
const CLIENT_ID     = "";
const CLIENT_SECRET = "";
const ENVIRONMENT   = "";
const TENANT_NAME   = "";

const TOKEN_URL = `https://auth.${ENVIRONMENT}.corti.app/realms/${TENANT_NAME}/protocol/openid-connect/token`;

// Requests an access token using the client credentials grant.
export async function getAccessToken() {
  const res = await fetch(TOKEN_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    // URLSearchParams produces the form-encoded request body
    body: new URLSearchParams({
      client_id: CLIENT_ID,
      client_secret: CLIENT_SECRET,
      grant_type: 'client_credentials'
    })
  });
  if (!res.ok) throw new Error(`Token request failed (${res.status})`);
  const { access_token } = await res.json();
  return access_token;
}

getAccessToken()
  .then(token => console.log(token))
  .catch(err => console.error(err.message));

Python Example Code

This requires that you have Python installed. Here is a link to download Python.

import requests

# Insert your credentials below
CLIENT_ID, CLIENT_SECRET, ENV, TENANT = (
    "client id",
    "client secret",
    "environment",
    "tenant",
)

# Token endpoint, in the format given under "Formatting Your Request"
URL = (
    f"https://auth.{ENV}.corti.app"
    f"/realms/{TENANT}/protocol/openid-connect/token"
)

def get_access_token():
    # requests form-encodes a dict passed as data= and sets the Content-Type header
    r = requests.post(
        URL,
        data={
            "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET,
            "grant_type": "client_credentials",
            "scope": "openid"
        },
        timeout=10,  # fail instead of hanging if the endpoint does not answer
    )
    r.raise_for_status()
    return r.json()["access_token"]

if __name__ == "__main__":
    token = get_access_token()
    print(token)
