API Reference

🔐 Authentication

This guide explains how to authenticate with the A55 API using the OAuth2 client credentials flow.


✅ Steps for Authentication

  1. Obtain Client Credentials
    You need a client_id and client_secret provided during onboarding. 👉 For credentials, contact: [email protected]

  2. Request Access Token
    Send a request to the Cognito token endpoint using your credentials.

  3. Use Access Token
    Include the access_token in the Authorization header of all API requests.


🎯 Request Access Token

import requests

def get_access_token():
    # Cognito token endpoint (OAuth2 client credentials grant)
    url = "https://smart-capital.auth.us-east-1.amazoncognito.com/oauth2/token"
    payload = {
        "grant_type": "client_credentials",
        "client_id": "YOUR_CLIENT_ID",
        "client_secret": "YOUR_CLIENT_SECRET"
    }
    headers = {
        "Content-Type": "application/x-www-form-urlencoded"
    }
    response = requests.post(url, data=payload, headers=headers, timeout=10)
    # Fail on a 4xx/5xx response instead of a KeyError on a missing "access_token"
    response.raise_for_status()
    return response.json()["access_token"]

curl -X POST "https://smart-capital.auth.us-east-1.amazoncognito.com/oauth2/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=client_credentials" \
     -d "client_id=YOUR_CLIENT_ID" \
     -d "client_secret=YOUR_CLIENT_SECRET"

📥 Example Token Response

{
  "access_token": "eyJraWQiOiJLTzZ...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

🔐 Use Access Token

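import requests

def get_resource(access_token):
    url = "https://core-manager.a55.tech/api/v1/"
    headers = {
        # Bearer token obtained from the token endpoint
        "Authorization": f"Bearer {access_token}"
    }
    response = requests.get(url, headers=headers, timeout=10)
    # Surface 401/403 (expired or invalid token) as an exception
    response.raise_for_status()
    return response.json()

curl -X GET "https://core-manager.a55.tech/api/v1/" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN"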


🔄 Authentication Flow

sequenceDiagram
    participant Client
    participant Oauth2
    participant API

    Client->>Oauth2: POST /oauth2/token (client_id, client_secret)
    Oauth2-->>Client: Access Token
    Client->>API: GET /resource (Authorization: Bearer <token>)
    API-->>Client: Resource Data

⚠️ Notes

  • Access tokens are valid for a limited time (e.g., 3600s); the expires_in field of the token response gives the lifetime in seconds.
  • Store client_secret securely. Never expose it in front-end apps.
  • Always use HTTPS to protect your credentials and tokens.