Client credentials (ID and secret pair) are required to authenticate with the Metafold API. You may create a client through the Metafold account page.
<aside> 🔐
The client secret must be kept secure.
In the event the client ID and secret are compromised, attackers may gain full access to the user’s private resources. The compromised client may be deleted from the account page to invalidate existing access tokens and prevent further client credentials exchanges.
While access tokens expire within 24 hours, they provide direct access to user resources and should also be kept secret.
</aside>
The client ID/secret pair must be exchanged for an access token that may be used to authenticate with the Metafold API. Exchanging your client credentials can be done with a HTTP POST request to our authentication service:
**POST** <https://metafold3d.us.auth0.com/oauth/token>
With the following parameters in the request body:
| Parameter | Description |
|---|---|
grant_type |
Must be client_credentials. |
audience |
Must be https://api.metafold3d.com. |
client_id |
Your client ID. |
client_secret |
Your client secret. |
The response is encoded as application/json and includes the following fields:
| Field | Description |
|---|---|
access_token |
JWT access token that may be used to authenticate with the Metafold API. |
expires_in |
The returned access token expires in this many seconds. |
Note that new access tokens expire within 24 hours and must be refreshed to renew access to our API.
Access tokens should be included in the request header in the following form:
Authorization: Bearer $access_token
You may alternatively find it easier to authenticate using one of Auth0’s many SDK libraries. The example below uses the Auth0 Node.js SDK.