Authentication

The Podiumnet API requires authentication on every request. Two options are available.

Option A — OAuth 2.0 Client Credentials (recommended)

Suitable for server-to-server integrations where you can automatically refresh tokens.

Contact the Podiumnet team for your client_id and client_secret.

Obtain a token

http

POST {KEYCLOAK_URL}/realms/podiumnet/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}

Response:

json

{
  "access_token": "eyJ...",
  "expires_in": 300,
  "token_type": "Bearer"
}

Tokens expire after 5 minutes (default). Implement token refresh in your application.

Use the token

Add the token to every API request:

http

Authorization: Bearer {access_token}
X-tenant-id: podiumnet

Option B — Static JWT

For specific use cases (e.g. simple server-to-server integrations), the Podiumnet team can provide a static JWT. Use it the same way as a regular Bearer token:

http

Authorization: Bearer {static_jwt}
X-tenant-id: podiumnet

Static JWTs do not expire automatically. Contact the Podiumnet team to request, rotate, or revoke one.

Example: full authenticated request

http

POST __API_BASE_URL__/entities/filter?limit=20
Authorization: Bearer eyJ...
X-tenant-id: podiumnet
Content-Type: application/json

[
  { "type": "type", "value": "production" }
]

Authentication ​

Option A — OAuth 2.0 Client Credentials (recommended) ​

Obtain a token ​

Use the token ​

Option B — Static JWT ​

Example: full authenticated request ​

Authentication

Option A — OAuth 2.0 Client Credentials (recommended)

Obtain a token

Use the token

Option B — Static JWT

Example: full authenticated request