Skip to main content
Version: 1.1

How to get an Access Token

Step 1: Make sure you have an account with the required role

To access any API, you need to have an account with a minimum of read access to the API. If you don't have an account or you get errors like {"error":"required scopes api:read not present"}, please contact an administrator.

Step 2: Get the client secret

If you do not have the client secret for the client api-access, please contact an administrator.

Step 3: Get the access token

Now you have all you need to get an access token. You can use the following cURL command to get an access token:

curl --location --request POST 'https://idm.civitas-core.de/auth/realms/civitas-core-datenplattform/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=api-access' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={your_username}' \
--data-urlencode 'password={your_password}' \
--data-urlencode 'scope=api:read api:write api:delete'

Replace {client_secret} with the client secret you received in step 2, {your_username} with your username, and {your_password} with your password.

Step 4: Use the access token

You can now use the access token to access the API. Just add the access token to the header of your request. The header is called Authorization and the value is Bearer <access token>. You will see it used in all examples for all APIs in the documentation.