Skip to main content
OAuth 2.0 standardized access tokens allow authenticated requests to be made to the Pipevest API. This document will guide you on how to create, and delete authentication tokens.

Creating an Auth Token

To create an Auth Token:
Make a POST request to /oauth/token
  curl --request POST \
    --url https://api.pipevest.com/v1/oauth/token\
    --header 'Content-Digest: sha-512=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:' \
    --header 'Content-Length: 18' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --header 'Signature: sig1=:OTEyMjY4...A5NTNDMEQ=:' \
    --header 'Signature-Input: sig1=("Authorization" "Content-Digest" "Content-Length" "Content-Type" "X-Client-Id" "X-Idempotency-Key" "@method" "@target-uri" "@path" "@query");keyid="staging-pipevest-ed25519";created=1732893484;expires=1732893584' \
    --header 'X-Idempotency-Key: <idempotency-key>' \
    ...
    --data 'clientId=<client-id>'
    --data 'clientSecret=<client-secret>'
The resulting access token has a TTL of 60 mins.

Revoke Auth Token

To revoke an auth token:
Make a POST request to /oauth/revoke
  curl --request POST \
    --url https://api.pipevest.com/v1/oauth/revoke\
    --header 'Authorization: Bearer <access-token>' \
    --header 'Signature: sig1=:OTEyMjY4...A5NTNDMEQ=:' \
    --header 'Signature-Input: sig1=("Authorization" "X-Client-Id" "X-Idempotency-Key" "@method" "@target-uri" "@path" "@query");keyid="staging-pipevest-ed25519";created=1732893484;expires=1732893584' \
    --header 'X-Client-Id: <client-id>' \
    --header 'X-Idempotency-Key: <idempotency-key>' \

Entity Reference

PropertyDefinition
messageAuthentication response message
tokenIdUnique access token identifier
tokenClient shortlived access token. TTL of 60 mins
expiresInA token’s current TTL
maxTTLA token’s max time to TTL
tokenTypeA token’s authorization type
scopeThe authorization scopes associated with token
trustedIpsThe list of ip addresses whitelisted for this client
organizationAn object containing id, name and clientId
createdAtCreated at unix timestamp
updatedAtUpdated at unix timestamp
Access token tokenType will always be Bearer

Webhook Subscriptions

SubscriptionDefinitionDomain
AUTHOnly events that deal with authenticationAuthentications
AUTH.CREATEDTriggered when an auth token is createdAuthentications
AUTH.DELETEDTriggered when an auth token is deletedAuthentications

Authentication Concepts

Check out the auth mechanisms used to keep the API secure