API Authentication
Overview
All ID Dataweb API calls require a Bearer access token. Tokens are obtained by exchanging your API credentials at the /token endpoint and are valid for 600 seconds (10 minutes).
You will need:
- API Key — issued per step in the Admin Console (or use the
forwardApiKeyreturned by the preceding step) - Shared Secret — paired with your API Key
Preproduction credentials are available via your ID Dataweb team or from the Postman collections linked on each Step page.
Token Request
POST https://api.preprod.iddataweb.com/v1/token?grant_type=client_credentials
Authorization: Basic <Base64(apiKey:sharedSecret)>Encode apiKey:sharedSecret as a Base64 string and pass it as the Authorization header value.
const credentials = Buffer.from(`${API_KEY}:${SHARED_SECRET}`).toString('base64');
const tokenRes = await fetch(
'https://api.preprod.iddataweb.com/v1/token?grant_type=client_credentials',
{
method: 'POST',
headers: { 'Authorization': `Basic ${credentials}` }
}
);
const { access_token } = await tokenRes.json();
// access_token is valid for 600 secondsToken Response
{
"access_token": "eyJ...",
"expires_in": "600",
"token_type": "Bearer"
}Using the Token
Pass the access_token as a Bearer token in the Authorization header of all subsequent /slverify and /async-ui calls:
headers: { 'Authorization': `Bearer ${access_token}` }Token Lifecycle
Tokens expire after 600 seconds. Request a new token when the current one expires. In production flows, obtain a fresh token at the start of each verification session rather than caching tokens across sessions.
Production Endpoint
Replace api.preprod.iddataweb.com with api.iddataweb.com for production. All other request parameters are identical.
Related Resources
→ ID Dataweb API Overview | → Gateway (OIDC) Integration | → PII Validation | → Government ID and Selfie Match | → SMS Link
Updated 2 days ago