API Authentication

All Rulex APIs require an authentication token, which can be obtained through two different types of authentication:

  • Client ID & Secret

  • Signed JWT (JSON Web Token)

The authentication is requested through a dedicated API call, which has a specific structure:

POST /api/auth/token

The call does not require any headers, and its parameters depend on the type of authentication selected.

For details on the auth/token call see Auth Token.


Sample authentication request

The following is an example in cURL of an API request, using client-secret authentication:

## Auth Token

Example with cURL:
```
curl --location --request POST 'your_rulex_cloud_url' \
--header 'Content-Type: application/json' \
--data-raw '{
    "auth_type": "client-secret",
    "clientId": "<yourClientId>",
    "clientSecret": "<yourClientSecret>"
}'
```


Authentication Responses

As with other API calls, the Auth API response includes:

  • a status code, which is 200 if the request is successful

  • response headers, which include the ID of the request, its timestamp, and the content type of the body, which should be JSON

  • a response body, which includes information such as the requested token and its expiration, and the refresh token and its expiration


Sample authentication response

The following is an example of the response to the above API request, using client-secret authentication:

Response
```
200
X-Rulex-Request-Id: "b737fddf-5a1a-485c-bdc3-f0c23604bfac"
X-Rulex-Response-Timestamp: "2022-07-08T17:02:46.179894Z+02:00"
Content-Type: "application/json"

{
    "access_token": "<token>",
    "expires_in": 300,
    "refresh_expires_in": 7200,
    "refresh_token": "<refreshToken>",
    "token_type": "Bearer",
    "not-before-policy": 0,
    "session_state": "a2447e88-2706-463f-8527-40fd126b97b4",
    "scope": "email profile"
}
```
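
The following Python sketch is an added example, not Rulex code: it validates a response of the shape shown above, turns `expires_in` and `refresh_expires_in` into absolute deadlines, and decides whether a client should reuse the access token, refresh it, or authenticate again. The 30-second safety margin, the `Authorization: Bearer` header format and all function and class names are assumptions; the refresh call itself is not described on this page and is not shown.

```python
import json
from dataclasses import dataclass, field

SKEW_SECONDS = 30  # assumed safety margin before expiry; not a Rulex setting


@dataclass
class TokenState:
    access_token: str = field(repr=False)   # keep secrets out of logs and tracebacks
    refresh_token: str = field(repr=False)
    access_deadline: float
    refresh_deadline: float

    def next_action(self, now: float) -> str:
        """Return 'use', 'refresh' or 'reauthenticate' for the given clock value."""
        if now < self.access_deadline - SKEW_SECONDS:
            return "use"
        if now < self.refresh_deadline - SKEW_SECONDS:
            return "refresh"
        return "reauthenticate"

    def auth_header(self) -> dict:
        # Assumption: the token is sent as a standard RFC 6750 bearer header.
        return {"Authorization": f"Bearer {self.access_token}"}


def parse_auth_response(status: int, body: str, received_at: float) -> TokenState:
    """Validate an auth/token response and convert lifetimes to deadlines."""
    if status != 200:
        raise ValueError(f"authentication failed with status {status}")
    data = json.loads(body)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    for key in ("access_token", "refresh_token"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"missing {key}")
    lifetimes = []
    for key in ("expires_in", "refresh_expires_in"):
        value = data.get(key)
        if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
            raise ValueError(f"invalid {key}")
        lifetimes.append(value)
    return TokenState(data["access_token"], data["refresh_token"],
                      received_at + lifetimes[0], received_at + lifetimes[1])

# Constructed sample mirroring the response body shown on this page.
SAMPLE_BODY = json.dumps({"access_token": "<token>", "expires_in": 300,
                          "refresh_expires_in": 7200, "token_type": "Bearer",
                          "refresh_token": "<refreshToken>"})
```

Pass a monotonic clock reading (for example `time.monotonic()`) as `received_at` and `now` so that wall-clock adjustments do not extend or shorten the token lifetime.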