🔐 How to authenticate my API

The Cryptr API uses JWTs (JSON Web Tokens) called Access Tokens to authenticate requests. To generate an Access Token, you will need an API key. You'll find them in the Cryptr backoffice or request You can create as many API keys as needed.

See how you can query your Cryptr API in two steps.

Manage your API keys

Sandbox mode API keys have the keysandbox prefix and production mode API keys have the keyproduction prefix. You can also configure the Authorization scope of your keys to limit their use to specific resources (e.g. users).


⚠️ Your API keys can give important privileges and compromise the integrity of your user directory and authentications, so be sure to keep them safe! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, etc. Consider using environment variables.

1. How to get an Access Token

Using REST

The Cryptr API uses the OAuth Client Credentials grant type. It is the traditional flow for clients to obtain an access token outside of a user's context. This is typically used by clients to access resources about themselves rather than accessing a user's resources. The request below shows how to query your Cryptr API for a new Access Token.

💡 If you prefer the Postman Authorization tool, go to the dedicated section.


curl --location --request POST 'https://${CRYPTR_INSTANCE_URL}/api/v2/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_id": "${CLIENT_ID}",
"client_secret": "${CLIENT_SECRET}",
"grant_type": "client_credentials",
"domain": "${DOMAIN}"
}'



client_id

The client id of your API Key

client_secret KEY REQUIRED

The secret of your API Key

domain

Your own domain.

grant_type

The value has to be client_credentials

Using Postman Collection Authorization tool

If you are familiar with Postman and prefer to use the Authorization tool for all requests in our Postman Collection, proceed as follows:

After forking the collection into your workspace, click on the collection and select the Authorization tab, then fill it in as follows:

Type: OAuth 2.0
Add auth data to: Request Headers
Header Prefix: Bearer

Configuration options tab

Grant type: Client credentials
Access Token URL: https://{{CRYPTR_INSTANCE_URL}}/api/v2/oauth/token
Client ID: The client_id of your API Key
Client Secret: The client_secret_display of your API Key
Client Authentication: Send client credentials in body

Advanced options tab

Audience: Your tenant domain


Then press the Generate new Access Token button.

After that, you should have the Authorization Bearer header in all Cryptr Doc collection requests.

2. How to query CRYPTR API with the Access Token

Authentication to the API with an Access Token is done via the HTTP Bearer Authorization header, like Authorization: Bearer ${ACCESS_TOKEN}, where ${ACCESS_TOKEN} is the access token you fetched before.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.


curl --location --request POST 'https://${CRYPTR_INSTANCE_URL}/api/v2/users' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ${ACCESS_TOKEN}'

Content-Type: application/json CONTENT TYPE HEADER REQUIRED


Authorization

Header field for the Access Token with the Bearer prefix, separated by a whitespace character, like:

Bearer ey6IkpXVCJ9.aG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.dQssw5c.
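
The two steps above as an added Python sketch (not Cryptr's own code): it reads the API key from environment variables, builds the token request with a JSON encoder so the secret is never pasted into a string, forces HTTPS, and refuses tokens that would corrupt the Authorization header. The environment variable names reuse the placeholders from the curl commands; the "access_token" response field is an assumption based on standard OAuth 2.0 token responses.

```python
import json
import os
import urllib.request

# Path and variable names are taken from the page's curl placeholders.
TOKEN_PATH = "/api/v2/oauth/token"
REQUIRED_ENV = ("CRYPTR_INSTANCE_URL", "CLIENT_ID", "CLIENT_SECRET", "DOMAIN")

def load_credentials(env=os.environ):
    """Read the API key from the environment so it never sits in source code."""
    missing = [name for name in REQUIRED_ENV if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_ENV}

def https_url(instance, path):
    """Build an https:// URL, rejecting anything that is not a bare host name."""
    if not instance or any(ch in instance for ch in "/@?#\\ \t\r\n"):
        raise ValueError("CRYPTR_INSTANCE_URL must be a bare host name")
    return f"https://{instance}{path}"

def build_token_request(creds):
    """Step 1: client_credentials request; json.dumps escapes the secret safely."""
    body = json.dumps({
        "client_id": creds["CLIENT_ID"],
        "client_secret": creds["CLIENT_SECRET"],
        "grant_type": "client_credentials",
        "domain": creds["DOMAIN"],
    }).encode()
    return urllib.request.Request(
        https_url(creds["CRYPTR_INSTANCE_URL"], TOKEN_PATH), data=body,
        method="POST", headers={"Content-Type": "application/json"})

def fetch_access_token(creds, timeout=10):
    """Send the token request. Assumption: the JSON reply carries an
    "access_token" field, as standard OAuth 2.0 token responses do."""
    with urllib.request.urlopen(build_token_request(creds), timeout=timeout) as resp:
        return json.load(resp)["access_token"]

def build_api_request(instance, path, access_token, payload=None, method="POST"):
    """Step 2: attach the token as 'Authorization: Bearer <token>'."""
    if not access_token or any(ch.isspace() for ch in access_token):
        raise ValueError("access token must be one non-empty string without whitespace")
    data = None if payload is None else json.dumps(payload).encode()
    return urllib.request.Request(
        https_url(instance, path), data=data, method=method,
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"})
```

With the four variables exported, `fetch_access_token(load_credentials())` returns the token, and the result of `build_api_request(...)` can be passed to `urllib.request.urlopen`.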