Skip to content
Scalekit Docs
Go to Dashboard

Authenticate with the Scalekit API

This guide explains how to authenticate your server applications with the Scalekit API using the OAuth 2.0 Client Credentials flow. After reading this guide, you’ll be able to:

  • Generate an access token using your API credentials
  • Make authenticated API requests to Scalekit endpoints
  • Handle authentication errors appropriately

This guide targets developers who need to integrate Scalekit services into their backend applications or automate tasks through API calls.

Before you begin

Section titled “Before you begin”

Before starting the authentication process, ensure you have set up your Scalekit account and obtained your API credentials.

Step 1: Configure your environment

Section titled “Step 1: Configure your environment”

Store your API credentials securely as environment variables:

Environment variables
SCALEKIT_ENVIRONMENT_URL="<SCALEKIT_ENVIRONMENT_URL>"
SCALEKIT_CLIENT_ID="<SCALEKIT_CLIENT_ID>"
SCALEKIT_CLIENT_SECRET="<SCALEKIT_CLIENT_SECRET>"

Step 2: Request an access token

Section titled “Step 2: Request an access token”

To authenticate your API requests, you must first obtain an access token from the Scalekit authorization server.

Token endpoint URL

Section titled “Token endpoint URL”
Token endpoint URL
https://<SCALEKIT_ENVIRONMENT_URL>/oauth/token

Send a token request

Section titled “Send a token request”

Choose your preferred method to request an access token:

Terminal window
curl -X POST \
  "https://<SCALEKIT_ENVIRONMENT_URL>/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<SCALEKIT_CLIENT_ID>" \
  -d "client_secret=<SCALEKIT_CLIENT_SECRET>" \
  -d "scope=openid profile email"

Understand the token response

Section titled “Understand the token response”

When your request succeeds, the server returns a JSON response with the following fields:

FieldDescription
access_tokenThe token you’ll use to authenticate API requests
token_typeThe token type (always Bearer for this flow)
expires_inToken validity period in seconds (typically 24 hours)
scopeThe authorized scopes for this token

Example token response:

Token response
{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNua181Ok4OTEyMjU2NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 86399,
  "scope": "openid"
}

Step 3: Make authenticated API requests

Section titled “Step 3: Make authenticated API requests”

After obtaining an access token, add it to the Authorization header in your API requests.

Terminal window
curl --request GET "https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <access_token>"
Example API response
{
  "next_page_token": "",
  "total_size": 3,
  "organizations": [
    {
      "id": "org_64444217115541813",
      "create_time": "2025-03-20T13:55:46.690Z",
      "update_time": "2025-03-21T05:55:03.416772Z",
      "display_name": "Looney Corp",
      "region_code": "US",
      "external_id": "my_unique_id",
      "metadata": {}
    }
  ],
  "prev_page_token": ""
}

Common authentication issues

Section titled “Common authentication issues”
IssuePossible causeSolution
401 UnauthorizedInvalid or expired tokenGenerate a new access token
403 ForbiddenInsufficient permissionsCheck client credentials scopes
Connection errorNetwork or server issueRetry with exponential backoff

Next steps

Section titled “Next steps”

Now that you can authenticate with the Scalekit API, you can:

  • Browse the complete API reference to discover available endpoints
  • Create a token management service to handle token refreshing
  • Implement error handling strategies for production use