0Auth 2.0 standardized access tokens allow authenticated requests to be made to the Pipevest API. This document will guide you on how to create, and delete authentication tokens.

Creating an Auth Token

To create an Auth Token:

Make a POST request to /auth

  curl --request POST \
    --url https://api.pipevest.com/v1/auth\
    --header 'Content-Digest: sha-512=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:' \
    --header 'Content-Length: 18' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --header 'Signature: sig1=:OTEyMjY4...A5NTNDMEQ=:' \
    --header 'Signature-Input: sig1=("Authorization" "Content-Digest" "Content-Length" "Content-Type" "X-Client-Id" "X-Idempotency-Key" "@method" "@target-uri" "@path" "@query");keyid="staging-pipevest-ed25519";created=1732893484;expires=1732893584' \
    --header 'X-Idempotency-Key: 123456' \
    ...
    --data 'clientId=123456'
    --data 'clientSecret=some-secret'

The resulting access token has a TTL of 60 mins.

Revoke Auth Token

To revoke an auth token:

Make a DELETE request to /auth

  curl --request DELETE \
    --url https://api.pipevest.com/v1/auth?accessTokenId=123456\
    --header 'Authorization: Bearer 123456' \
    --header 'Signature: sig1=:OTEyMjY4...A5NTNDMEQ=:' \
    --header 'Signature-Input: sig1=("Authorization" "X-Client-Id" "X-Idempotency-Key" "@method" "@target-uri" "@path" "@query");keyid="staging-pipevest-ed25519";created=1732893484;expires=1732893584' \
    --header 'X-Client-Id: 123456' \
    --header 'X-Idempotency-Key: 123456' \

Entity Reference

PropertyDefinition
accessTokenIdUnique access token identifier
accessTokenClient shortlived access token. TTL of 60 mins
expiresInA token’s current TTL
maxTTLA token’s max time to TTL
typeA token’s authorization type
scopeThe authorization scopes associated with token
trustedIpsThe list of ip addresses whitelisted for this client
createdAtCreated at unix timestamp
updatedAtUpdated at unix timestamp
Access token type will always be Bearer

Webhook Subscriptions

SubscriptionDefinitionDomain
AUTHOnly events that deal with authenticationAuthentications
AUTH.CREATEDTriggered when an auth token is createdAuthentications
AUTH.DELETEDTriggered when an auth token is deletedAuthentications

Authentication Concepts

Check out the auth mechanisms used to keep the API secure