Authentication

This guide explains how to authenticate your requests to the Truss API.

Overview

Truss API endpoints use Bearer token authentication. All API requests require a valid JWT access token in the Authorization header. Access tokens are obtained through the OAuth 2.0 Authorization Code flow on the Truss Auth server.

How It Works

  1. Obtain tokens via the OAuth 2.0 flow — your application redirects users to Truss for authorization, then exchanges the authorization code for an access token and refresh token at the Auth server.
  2. Call API endpoints with the access token as a Bearer token.
  3. Refresh tokens when the access token expires (every 60 minutes) by calling the token endpoint with your refresh token.

Using Your Access Token

Include the access token in the Authorization header when making API requests:

Authorization: Bearer {access_token}

Token Expiry: Access tokens expire after 60 minutes. Use your refresh token to obtain a new access token before expiry.
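The refresh-before-expiry behaviour described above can be wrapped in a small token cache. This is an added example, not Truss code: `refresh_fn` is a hypothetical stand-in for the POST to the token endpoint, the 5-minute margin is an assumption, and the response fields (`access_token`, `refresh_token`, `expires_in`) are the standard OAuth 2.0 token response fields, assumed here to be what the Auth server returns.

```python
import time
from dataclasses import dataclass
from typing import Callable

ACCESS_TOKEN_LIFETIME = 60 * 60  # 60 minutes, as stated on this page
REFRESH_MARGIN = 5 * 60          # assumption: refresh 5 minutes before expiry

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute expiry time on the local clock

class TokenManager:
    """Caches the access token and refreshes it shortly before it expires."""
    def __init__(self, tokens: TokenSet, refresh_fn: Callable[[str], dict],
                 clock: Callable[[], float] = time.time):
        self._tokens = tokens
        self._refresh_fn = refresh_fn  # hypothetical: calls the token endpoint
        self._clock = clock

    def _refresh(self) -> None:
        resp = self._refresh_fn(self._tokens.refresh_token)
        if "access_token" not in resp:
            # Fail closed; report only the error code, never token values.
            raise RuntimeError("token refresh failed: %s" % resp.get("error", "unknown"))
        lifetime = float(resp.get("expires_in", ACCESS_TOKEN_LIFETIME))
        self._tokens = TokenSet(
            access_token=resp["access_token"],
            # Keep the old refresh token unless the server rotated it.
            refresh_token=resp.get("refresh_token", self._tokens.refresh_token),
            expires_at=self._clock() + lifetime,
        )

    def auth_header(self) -> dict:
        """Return the Authorization header, refreshing first if expiry is near."""
        if self._clock() >= self._tokens.expires_at - REFRESH_MARGIN:
            self._refresh()
        return {"Authorization": "Bearer " + self._tokens.access_token}

if __name__ == "__main__":
    # Constructed sample values; no network call is made.
    fake = lambda rt: {"access_token": "constructed-access-2", "expires_in": 3600}
    soon = time.time() + 60  # inside the refresh margin, so a refresh is triggered
    tm = TokenManager(TokenSet("constructed-access-1", "constructed-refresh-1", soon), fake)
    print("refreshed:", tm.auth_header()["Authorization"].endswith("-2"))
```
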

Getting Started

For complete details on implementing authentication with Truss, see the complete OAuth Integration Guide. It covers:

  • Prerequisites and obtaining OAuth credentials
  • Step-by-step OAuth flow implementation
  • Token exchange and refresh procedures
  • Available scopes and permissions
  • Testing in the sandbox environment