V2 API Authentication

Find out about our new way of making authenticated calls to Chatlayer APIs.

We are moving away from long lived Access Tokens to authenticate against our APIs in favour of short-lived tokens that can be retrieved by following a Client Credentials flows using Client ID/Client Secret pairs.

Supported API Services

The following services support the V2 authentication:

  • Machine Learning Services (NLP, Completions)

  • Chatlayer GraphQL API

The Chatlayer V1 REST API will use the Access Token based authentication for the foreseeable future.

Creating Access Credentials

In the Chatlayer App, go to Settings - Credentials and open the "Access Credentials" tab.

Press the "Generate Credentials" button

Choose a fitting name and role for the new Access Credential.

Currently, the available roles are:

Admin Admins have access to all bots and can create or delete team members

Member Members can only access OPEN bots or RESTRICTED bots to which they have access. They cannot create or delete team members.

Once you press Create, your Access Credentials are immediately available.

Make sure you've noted down the Client Secret - you can no longer retrieve it after you close the modal.

Retrieving & using Access Tokens

1 - Exchanging Access Credentials for Access Tokens

Once you have your API Access Credentials (Client ID, Client Secret pair), you can request your API Access Token from the Chatlayer Authentication Service.

Example of retrieving an Access Token through curl:

curl --location --request POST 'https://auth.prod.europe-west1.gc.chatlayer.ai/auth/realms/Chatlayer/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id=your-client-id' --data-urlencode 'client_secret=your-client-secret'

The Authentication Service will return a JSON payload containing the access_token.

  "access_token": "eyJhbGciOi...",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "offline_access profile public_api email"

Access tokens are valid for 5 minutes, after which you will have to request a new token using the same url. You should automate your application to retrieve a new token within 5 minutes.

The Access Token can then be used to Authenticate against the Chatlayer API Services that support this way of authenticating.

2 - Using Access Tokens

To use the Access Token, simply add it as part of the "Authorization" header of your requests to our API services. Make sure to prefix the token with the Bearer payload.

Authorization: Bearer <<your_access_token>>

Last updated