API reference
Transmit Security builds every feature using an API-first approach, to give you APIs that are consistent, reusable, and well-designed. This lets you to create great identity experiences for your users, and develop better products—faster.
Authentication
All API requests must be made over HTTPS. Depending on the API, authentication is performed either using:
- Client ID only
- Client ID and Client Secret
-
OAuth2 Access Token in the
Authorization
header using Bearer authentication scheme
Access tokens
As needed, OAuth2 access tokens can be generated using client credentials retrieved from the Admin Portal.
For user-facing APIs (such as authorized Authentication APIs), these credentials correspond to the application the user wants to access. APIs that require an existing user session (such as Verification APIs) are authorized using the access token returned upon successful user authentication.
For Management APIs, credentials either correspond to a Management Application to provide access to all apps of the tenant, or corresponding to application credentials and only process access to this application.
Tip
See Authorization to generate access tokens to run API calls right from the docs, using the Try it button.
Errors
Conventional HTTP response codes are used to indicate the success or failure of an API call:
-
2xx
or3xx
codes indicate success -
5xx
indicate a Transmit Server server error (rare) -
4xx
codes indicate other failures (missing params, unauthorized, applicative errors, etc.)