Authentication Guide
BotsKYC uses OAuth2 authentication to secure all API requests. This guide will walk you through getting your credentials and authenticating your requests.
Quick Start
Step 1: Create Your Account
- Visit the Developer Portal
- Click "Sign Up" (top right)
- Fill in your details:
  - Username
  - Password
  - First Name
  - Last Name
- Click "Sign Up"
- You'll be logged in automatically
Step 2: Create an Application
- After logging in, click "Applications" in the top menu
- Click "Add New Application"
- Fill in the details:
  - Name: Your application name (e.g., "My KYC App")
  - Per Token Quota: Select a tier (Bronze/Silver/Gold)
  - Description: Brief description of your app
- Click "Save"
Step 3: Subscribe to BotsKYC API
- Click "APIs" in the top menu
- Find and click on "BotsKYC API"
- Click the "Subscribe" button
- Select:
  - Application: Choose the application you just created
  - Throttling Policy: Select your desired tier
- Click "Subscribe"
Step 4: Generate API Credentials
- Go back to "Applications" and click on your application
- Click the "Production Keys" tab
- Click "Generate Keys"
- Important: Copy and save these credentials securely:
  - Consumer Key (Client ID)
  - Consumer Secret (Client Secret)
Keep your credentials secure! Never commit them to version control or share them publicly.
Using Your Credentials
Getting an Access Token
Use the OAuth2 Client Credentials flow to get an access token:
```bash
curl -X POST https://api.botskyc.com/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"
```
Response:
```json
{
  "access_token": "eyJ4NXQiOiJNell4TW1Ga09HWXdNV...",
  "scope": "default",
  "token_type": "Bearer",
  "expires_in": 3600
}
```
Making API Requests
Include the access token in the Authorization header:
```bash
curl https://api.botskyc.com/v1/kyc/health \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```
Token Management
Token Expiration
Access tokens expire after 1 hour (3600 seconds). Your application should:
- Store the token and expiration time
- Request a new token before the current one expires
- Handle 401 errors by refreshing the token
Token Refresh Best Practices
```javascript
// Example: Token management in JavaScript
class TokenManager {
  constructor(clientId, clientSecret) {
    this.clientId = clientId;
    this.clientSecret = clientSecret;
    this.token = null;
    this.expiresAt = null;
  }

  async getToken() {
    // Return cached token if still valid
    if (this.token && Date.now() < this.expiresAt) {
      return this.token;
    }

    // Get new token
    const response = await fetch('https://api.botskyc.com/oauth2/token', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({
        grant_type: 'client_credentials',
        client_id: this.clientId,
        client_secret: this.clientSecret,
      }),
    });

    // Fail loudly instead of caching an undefined token
    if (!response.ok) {
      throw new Error(`Token request failed: HTTP ${response.status}`);
    }

    const data = await response.json();
    this.token = data.access_token;
    this.expiresAt = Date.now() + (data.expires_in * 1000) - 60000; // Refresh 1 min early
    return this.token;
  }
}

// Usage (top-level await requires an ES module)
const tokenManager = new TokenManager(
  process.env.CLIENT_ID,
  process.env.CLIENT_SECRET
);
const token = await tokenManager.getToken();
```
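The third point under Token Expiration, handling a 401 by refreshing the token, combined with a shared in-flight refresh so concurrent callers do not each send the client secret to the token endpoint. This is an added example, not BotsKYC's own code; `AuthClient`, `tokenUrl`, `fetchImpl` and `pending` are hypothetical names, and `fetchImpl` is injectable so the logic can be exercised without network access.

```javascript
// Added example (not BotsKYC code): shared token refresh plus one retry on 401.
// AuthClient, tokenUrl and fetchImpl are hypothetical names chosen for this sketch.
class AuthClient {
  constructor({ clientId, clientSecret, tokenUrl, fetchImpl = (...a) => fetch(...a) }) {
    Object.assign(this, { clientId, clientSecret, tokenUrl, fetchImpl });
    this.token = null;
    this.expiresAt = 0;
    this.pending = null; // in-flight token request shared by concurrent callers
  }

  async getToken(force = false) {
    if (!force && this.token && Date.now() < this.expiresAt) return this.token;
    if (!this.pending) {
      this.pending = this.requestToken().finally(() => { this.pending = null; });
    }
    return this.pending;
  }

  async requestToken() {
    const res = await this.fetchImpl(this.tokenUrl, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        grant_type: 'client_credentials',
        client_id: this.clientId,
        client_secret: this.clientSecret,
      }),
    });
    // Report only the status: the body may carry secrets or a token.
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const data = await res.json();
    if (!data.access_token || !(data.expires_in > 0)) {
      throw new Error('token response missing access_token or expires_in');
    }
    this.token = data.access_token;
    this.expiresAt = Date.now() + Math.max(data.expires_in - 60, 0) * 1000;
    return this.token;
  }

  // Sends the request; on a 401, forces a new token and retries exactly once.
  async request(url, options = {}) {
    for (let attempt = 0; ; attempt++) {
      const token = await this.getToken(attempt > 0);
      const headers = { ...options.headers, Authorization: `Bearer ${token}` };
      const res = await this.fetchImpl(url, { ...options, headers });
      if (res.status !== 401 || attempt === 1) return res;
    }
  }
}
```

A second 401 after the retry is returned to the caller rather than looped on, since at that point the cause is more likely wrong credentials than an expired token.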
Rate Limiting Tiers
Different subscription tiers have different rate limits:
| Tier | Requests/Minute | Requests/Day | Use Case |
|---|---|---|---|
| Bronze | 10 | 1,000 | Testing & Development |
| Silver | 100 | 50,000 | Small Production Apps |
| Gold | 1,000 | 500,000 | Enterprise Applications |
Start with Bronze for testing, then upgrade to Silver or Gold for production.
Security Best Practices
Store Credentials Securely
Don't do this:
```javascript
// Never hardcode credentials
const clientId = "abc123xyz";
const clientSecret = "super-secret-key";
```
Do this instead:
```javascript
// Use environment variables
const clientId = process.env.BOTSKYC_CLIENT_ID;
const clientSecret = process.env.BOTSKYC_CLIENT_SECRET;
```
Environment Variables
Create a .env file (and add it to .gitignore):
```
# .env
BOTSKYC_CLIENT_ID=your_client_id_here
BOTSKYC_CLIENT_SECRET=your_client_secret_here
BOTSKYC_API_BASE_URL=https://api.botskyc.com/v1
```
Rotate Credentials Regularly
- Go to Developer Portal
- Navigate to your Application → Production Keys
- Click "Regenerate Secret"
- Update your application with new credentials
Testing Authentication
Test your authentication setup:
```bash
#!/bin/bash
# Set your credentials
export CLIENT_ID="your_client_id"
export CLIENT_SECRET="your_client_secret"

# Get access token
echo "Getting access token..."
TOKEN_RESPONSE=$(curl -s -X POST https://api.botskyc.com/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=$CLIENT_ID" \
  -d "client_secret=$CLIENT_SECRET")
# Note: this prints the raw token; run it only in a private terminal
echo "Token Response: $TOKEN_RESPONSE"

# Extract token (tolerates whitespace after the colon)
ACCESS_TOKEN=$(echo "$TOKEN_RESPONSE" | grep -o '"access_token"[[:space:]]*:[[:space:]]*"[^"]*' | cut -d'"' -f4)
echo "Access Token: $ACCESS_TOKEN"

# Test API call
echo -e "\nTesting API call..."
curl https://api.botskyc.com/v1/kyc/health \
  -H "Authorization: Bearer $ACCESS_TOKEN"
```
Troubleshooting
401 Unauthorized
Cause: Invalid or expired token
Solution:
- Verify your credentials are correct
- Request a new access token
- Ensure you're using the correct token format: `Bearer YOUR_TOKEN`
403 Forbidden
Cause: Valid token but insufficient permissions
Solution:
- Ensure you've subscribed to the BotsKYC API
- Check your subscription tier allows the operation
- Verify the API is published and available
Token Request Fails
Cause: Invalid credentials or network issues
Solution:
- Double-check your Client ID and Secret
- Ensure you're using the correct token endpoint
- Verify network connectivity to api.botskyc.com
Need Help?
- Portal: Developer Portal
- Email: support@botskyc.com
- Docs: API Documentation
Next Steps
Credentials obtained and tested
Continue to:
- Quick Start Guide - Make your first API call
- API Reference - Explore available endpoints
- Testing Guide - Test your integration