Authentication

Authentication is performed via the Authentication http header and a bearer token.

The bearer token is the access token acquired either via the OAuth2 process or the OpenID Connect Login endpoint.

Example


GET http://docker.api.stonehilt.com/api/v1/linguistics/parts-of-speech
Accept: application/json
Authorization: Bearer {ACCESS_TOKEN}

{ACCESS_TOKEN} - Replace with access token

Client Credentials

The Client Credentials grant is used for Machine-to-Machine (m2m) communications where you can maintain the security of the client id and secret and want the authorized requests to always use a specific user for tracking purposes.

NEVER DISCLOSE the client_id or client_secret of a client credentials grant. If you believe the client id or secret might be disclosed, you should rotate the secret and update your app's usage of the secret.

Request

POST https://scientistguild.com/api/v1/auth/tokens/issue
Authorization: Basic {BASE64_ENCODED_ID_AND_SECRET}
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

{BASE64_ENCODED_ID_AND_SECRET} - Base64 encoding of CLIENT_ID:CLIENT_SECRET

Request Data

grant_type: client_credentials

Response - Success

access_token: string: {ACCESS_TOKEN}
token_type: string: "bearer"
expires_in: int
scope: string

{ACCESS_TOKEN} - Access token to be used in Authentication header

Example

POST https://scientistguild.com/api/v1/auth/tokens/issue
Authorization: Basic SUQ6U0VDUkVU
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

HTTP/1.1 200 OK
Date: Sat, 21 Mar 2026 06:03:19 GMT
Cache-Control: no-cache, private
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Access-Control-Allow-Origin: *
Vary: Authorization
Transfer-Encoding: chunked
Content-Type: application/json

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOjgsImV4cCI6MTcyODMyNjI1OCwiaWF0IjoxNzI4MzI1MzU4LCJqdGkiOiIwMWo5bTNnNTZtcDNoeTEybnQxNmthcDIwcCJ9.2FndSi-k_QBf4Uh51qQ6y5YaTlSIL0owZI5UlPIeNuqLeGFceQ_PbBL3ktTMUnCidp-BXfYKivTd74qGcnTRnEAaAMOrQMiUstlBCEpIn1xgJzhaaPFzCJsZR2EG8EzKrJ7W5Ne9Ir_5FOGyt46m_NZ_g-D43kkxqG8GB_fvQ29EXEa3QX16ljqYUGloSqjorUuw3zqXUBF1D0A4Q6fN6h19gqFsr5z236JDYOuG1EAVGQCzyjU7A_Fwfs6QkVkLFEI-8Ly5xVrrT92zYY22ylw3jtq97q1HFLsATT_7DJQez4OqSgQFI9yy1VJX1ut6en37lhedt8_eRQWisf0XCLEIH9oFuvzwQxJigC-PALDVjosqtzvYfprQVKFXzGvnNPgMby6xbOLlbupwmVizDT8FGpV_Yp2ap3ttI6z-rRP14O9jc0jC-3vZ9BT2aobW-sm3He-Tp4zIDLAV6RYnlflkaEvrymR2slXxZIbQqlLZtjl87xuDh8JBMhhOaJzGPNHhRv-Z0eLPDs_fga3eerj8OA5h_MkwNjql536NPMskpOWb9D_zWiBibUx7YWuiVXvOE5a4g6mvVGx9lz5Jdc-RCTrn4KsTaVGP7TgbQcgYowSGbldJOCeUHEGd_6brwvCJuQ8_JI8VxziykMvuqM4oz2bU4aD2f2YIxTE4BsM",
  "token_type": "bearer",
  "expires_in": 899,
  "scope": ""
}

SUQ6U0VDUkVU - Example encoding of Client ID = "ID" and Client Secret = "SECRET"