Skip to main content
POST
/
api
/
v1
/
authorize
/
token
cURL
curl -sS -X POST "$FLUIDE_BASE_URL/api/v1/authorize/token" \
  -H "X-Fluide-Api-Key: $FLUIDE_API_KEY" \
  -H "X-Fluide-Api-Secret: $FLUIDE_API_SECRET" \
  -H "X-Fluide-Client-Id: fluide-developer" \
  -H "X-Workspace-Id: $FLUIDE_WORKSPACE_ID" \
  -H "X-Acting-Company-Id: $FLUIDE_COMPANY_ID" \
  -H "Content-Type: application/json" \
  -d '{}'
{
  "success": true,
  "message": "Operation completed successfully",
  "data": {
    "accessToken": "<string>",
    "jti": "<string>",
    "tenantId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "fluideClientId": "fluide-developer",
    "exp": 123,
    "iat": 123,
    "authContextPath": "/api/v1/auth-context/{jti}"
  }
}

Authorizations

X-Fluide-Api-Key
string
header
default:fl_dev_your_key
required

Developer API key (fl_dev_...). Required on every API call with a machine access token.

X-Fluide-Api-Secret
string
header
required

API secret used only during token exchange. Never send on product routes.

X-Fluide-Client-Id
string
header
default:fluide-developer
required

First-party client audience. Must match the fluide_client_id claim on the JWT. Use fluide-developer for Connect.

Headers

X-Fluide-Api-Key
string
required

Developer API key (fl_dev_...).

X-Fluide-Api-Secret
string
required

API secret — use only on this route, never on product APIs.

X-Fluide-Client-Id
string
default:fluide-developer
required

Must be fluide-developer for Connect integrations.

X-Workspace-Id
string<uuid>

Partner / ISV only: UUID of the workspace that owns the client company. Required together with X-Acting-Company-Id when scoping product APIs to a merchant. See /getting-started/multi-tenancy.

X-Acting-Company-Id
string<uuid>

Partner / ISV only: UUID of the client company to act on. Must belong to the workspace in X-Workspace-Id.

Body

application/json
apiKey
string

Optional if sent via header.

apiSecret
string

Optional if sent via header.

organizationId
string<uuid>

Optional active organization override for the issued token.

Response

Access token issued

success
boolean
required

Whether the request succeeded

Example:

true

message
string
required

Human-readable outcome message (localized when i18n is configured)

Example:

"Operation completed successfully"

data
object

Response payload when success is true