Authentication
Overview
The NVU API uses Token Authentication to secure all endpoints. To interact with the API, you must first obtain an access token and include it in the Authorization header of your requests.
Getting Started
Prerequisites
Before you can authenticate, you need:
- Client ID: Your unique client identifier
- Client Secret: Your confidential client secret key
If you don't have these credentials or have lost them, please contact your API administrator or account manager to obtain them.
Authentication Process
To get an access token, send a POST request to the authentication endpoint with your client credentials.
curl -X POST https://en-nvu-backend-dev-hxfngyeqc2bqarck.z01.azurefd.net/authentication-tokens \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "your-client-id",
    "clientSecret": "your-client-secret"
  }'
Successful Response (200 OK):
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Once you have obtained an access token, include it in the Authorization header of all API requests.
Bash:
curl -X GET https://en-nvu-backend-dev-hxfngyeqc2bqarck.z01.azurefd.net/stock \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
C#:
using System.Net.Http;
using System.Net.Http.Headers;

var client = new HttpClient();
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Bearer", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
var response = await client.GetAsync("https://api.example.com/api/resource");
JavaScript:
fetch('https://api.example.com/api/resource', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
    'Content-Type': 'application/json'
  }
})
  .then(response => response.json())
  .then(data => console.log(data));
Token Management
Token Expiration
Access tokens have a limited lifetime (specified in the expiresIn field). After expiration, you must request a new token using your client credentials.
Best Practices:
- Store the expiresIn value and request a new token before expiration
- Implement automatic token refresh in your application
- Handle 401 Unauthorized responses by requesting a new token
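One way to apply the three practices above in a server-side client, as an added example that is not part of the NVU documentation or code base. It assumes the token response carries both `token` and `expiresIn` (seconds); the `TokenClient` class, the 60-second refresh margin and the environment variable names in the comment are illustrative choices, not NVU API features.

```javascript
// Added example (not NVU code): cache the token, refresh it early, retry once on 401.
// Assumed usage, with credentials read from hypothetical environment variables:
//   new TokenClient({ baseUrl, clientId: process.env.NVU_CLIENT_ID, clientSecret: process.env.NVU_CLIENT_SECRET })
class TokenClient {
  constructor({ baseUrl, clientId, clientSecret, fetchImpl = globalThis.fetch, now = Date.now, skewSec = 60 }) {
    Object.assign(this, { baseUrl, clientId, clientSecret, fetchImpl, now, skewSec });
    this.token = null;
    this.expiresAt = 0;   // epoch ms after which the cached token is no longer used
    this.pending = null;  // in-flight token request, shared by concurrent callers
  }

  async getToken(force = false) {
    if (!force && this.token && this.now() < this.expiresAt) return this.token;
    if (!this.pending) {
      this.pending = this.requestToken().finally(() => { this.pending = null; });
    }
    return this.pending;
  }

  async requestToken() {
    const res = await this.fetchImpl(`${this.baseUrl}/authentication-tokens`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ clientId: this.clientId, clientSecret: this.clientSecret }),
    });
    // Report only the status code; the request body holds the client secret.
    if (!res.ok) throw new Error(`token request failed: ${res.status}`);
    const { token, expiresIn } = await res.json();
    // Expire skewSec early; a missing expiresIn means the token is not cached.
    const lifetimeSec = Math.max(0, (Number(expiresIn) || 0) - this.skewSec);
    this.expiresAt = this.now() + lifetimeSec * 1000;
    this.token = token;
    return token;
  }

  async request(path, init = {}) {
    for (let attempt = 0; attempt < 2; attempt++) {
      const token = await this.getToken(attempt > 0); // second pass forces a new token
      const res = await this.fetchImpl(`${this.baseUrl}${path}`, {
        ...init,
        headers: { ...init.headers, Authorization: `Bearer ${token}` },
      });
      if (res.status !== 401 || attempt === 1) return res; // retry at most once
    }
  }
}
```

The single retry bounds the number of token requests a persistent 401 can trigger, so a revoked or wrong credential surfaces as a 401 to the caller instead of looping.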
Token Storage
Keep your access tokens secure and private!
- Never expose tokens in client-side code or public repositories
- Store tokens securely (e.g., environment variables, secure storage)
- Use HTTPS for all API requests to prevent token interception
- Treat access tokens with the same security as passwords
FAQ
How long is the access token valid?
The token validity period is returned in the expiresIn field (in seconds). Typical values range from 1 hour to 24 hours.
Do I need to request a new token for every API call?
No. Reuse the same token for multiple requests until it expires. Requesting a new token for each call is inefficient and may result in rate limiting.
What should I do if my token expires during a request?
If you receive a 401 Unauthorized response, request a new token and retry the original request.
How do I rotate my client secret?
Contact your API administrator to generate new credentials. Ensure your applications are updated before the old credentials are revoked.