Authentication

Client Credentials Flow

The Lumanu Partner API uses the OAuth 2.0 client credentials flow for authentication. This provides secure access for server-to-server API requests.

Getting Access Tokens

  1. You will receive a Client ID and Client Secret from Lumanu
  2. Exchange these credentials for an access token by making a POST request to the appropriate authentication endpoint for your environment:
POST https://{environment-auth-domain}/oauth/token
Content-Type: application/json

{
    "client_id": "{your_client_id}",
    "client_secret": "{your_client_secret}",
    "audience": "{api-base-domain}",
    "grant_type": "client_credentials"
}

Example response:

{
    "access_token": "eyJhbGc...",
    "token_type": "Bearer"
}

Using Access Tokens

Add an Authorization header to each API request. Its value is Bearer, followed by a space and the access token you received:

Authorization: Bearer eyJhbGc...

Token Lifecycle

  • Access tokens are valid for 24 hours (86400 seconds)
  • Request a new token when the current token expires
  • Store tokens securely and never expose them in client-side code
  • Do not share tokens between different integrations
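The sketch below is an added example, not Lumanu's own code. It shows one way a server-side integration can cache the token for its 24-hour lifetime and request a new one shortly before expiry. TokenProvider, post_json, and the 5-minute refresh margin are assumptions made for illustration; the request fields and response shape are the ones shown above.

```python
import json
import time
import urllib.request

TOKEN_LIFETIME = 86400  # seconds; the 24-hour validity stated above
REFRESH_MARGIN = 300    # assumption: renew 5 minutes before expiry

def post_json(url, payload):
    """Default transport: POST a JSON body and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenProvider:
    """Hypothetical helper: one instance per integration, kept server-side."""

    def __init__(self, token_url, client_id, client_secret, audience,
                 transport=post_json, clock=time.monotonic):
        if not token_url.startswith("https://"):
            raise ValueError("token endpoint must be https")
        self._token_url, self._audience = token_url, audience
        self._client_id, self._client_secret = client_id, client_secret
        self._transport, self._clock = transport, clock
        self._token, self._renew_at = None, 0.0

    def __repr__(self):
        # Keep the secret and token out of logs and tracebacks.
        return f"<TokenProvider client_id={self._client_id!r}>"

    def _fetch(self):
        body = self._transport(self._token_url, {
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "audience": self._audience,
            "grant_type": "client_credentials",
        })
        if body.get("token_type") != "Bearer" or not body.get("access_token"):
            raise RuntimeError("unexpected token response")  # body not echoed
        self._token = body["access_token"]
        self._renew_at = self._clock() + TOKEN_LIFETIME - REFRESH_MARGIN

    def auth_header(self):
        """Return the Authorization header, fetching a token only when due."""
        if self._token is None or self._clock() >= self._renew_at:
            self._fetch()
        return {"Authorization": f"Bearer {self._token}"}
```

Load the Client ID and Client Secret from a secret store or environment variable rather than source code, and create a separate TokenProvider for each integration so tokens are never shared between them.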