Develop & Integrate
Protect & CapitalExplorerTDXUser & Technical Guides

Bearer Authentication

POST https://your-protect-instance.example.com/api/rest/v1/authentication/token

Basic Description

Bearer Authentication uses JWTs with a default validity of 30 minutes. To obtain a JWT Bearer Authentication Token, you need to pass your Taurus-PROTECT credentials to the api/rest/v1/authentication/token endpoint as described in the examples below.

Required Roles:

TPUser

Required Input Parameters

This is a POST method with the following json structure as input in the body of the call:

{
  "email": "[email protected]",
  "password": "secret",
  "totp": "12345",
  "username": "john_example" 
}

password: This is a required parameter. The value of this field is the clear text password of the user determined by one of the options below.

Pick one of two ways to identify the user:
username: The username given to the user on creation.
email: The email address of the user.
If multi factor authentication is enabled for the user, use the totp parameter to set the one time token.

📘

Preconditions

It is important to note that the user credentials required for this endpoint need to pre-exist on the system. You will not be able to perform this call without valid credentials on Taurus-PROTECT.

Call Example

You can find a basic example in cURL below.
Please note that you will need to update the BASEURL for the command to function.

export BASEURL=https://taurus-protect-instance.com
curl --location '$BASEURL/api/rest/v1/authentication/token' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
  "email": "[email protected]",
  "password": "1234567896"
}'

This piece of code sends a POST request to https://your-protect-instance.example.com/api/rest/v1/authentication/token with the JSON string in the request body.

👍

Call Result

A successful response for the POST call to create a wallet might look like this:

{
    "result": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTEsImV4dGVybmFsVXNlcklEIjoidGVhbTFAYmFuay5jb20iLCJ0ZW5hbnRJRCI6MSwiY2FwaXRhbFRlbmFudElEIjoxLCJmaXJzdG5hbWUiOiJKb2huIiwibGFzdG5hbWUiOiJUMSIsInJvbGVzIjpbInByaWNldXBkYXRlciIsIndoaXRlbGlzdGVkYWRkcmVzc2NyZWF0b3IiLCJyZXF1ZXN0YXBwcm92ZXIiLCJhZG1pbnJlYWRvbmx5IiwidHB1c2VyIiwic3VwZXJhZG1pbnJlYWRvbmx5Iiwic2lnbmV0dXNlciIsInJlcXVlc3RjYW5jZWxlciIsInJlcXVlc3RjcmVhdG9yIiwiYWNjb3VudGNyZWF0b3IiLCJvcGVyYXRvciIsImF1ZGl0dmlld2VyIiwid2hpdGVsaXN0ZWRhZGRyZXNzYXBwcm92ZXIiLCJmaWxldXBsb2FkZXIiLCJmaWxlZG93bmxvYWRlciJdLCJlbWFpbCI6InRlYW0xQGJhbmsuY29tIiwidXNlcm5hbWUiOiJ0ZWFtMUBiYW5rLmNvbSIsImp3dF9yZW5ld2FibGVfYW1vdW50IjowLCJpc190b3RwX2VuYWJsZWQiOmZhbHNlLCJhdXRoX3N0YXR1cyI6IlNVQ0NFU1MiLCJsYXN0X2xvZ2luIjoiMjAyMy0wNC0xMVQxMjo1MToxNi4xNDk3NDQyMzJaIiwibG9nZ2VkX2luX3dpdGhfc3NvIjpmYWxzZSwia2V5IjoiIiwiZXhwIjoxNjgxMjE5Mjc2LCJpYXQiOjE2ODEyMTc0NzZ9.b78pV3miSns-ZTMqPRafzfZl8Z12L5Fu_yMBCdj1wNk"
}

The value of the result above is a JWT. When decoded you will find it to contain token claims such as username, roles and more. One important token claim restricts the lifetime of the token with a default validity of 30 minutes.

You can find the Swagger-generated page for this endpoint in the following link.

Updated 22 days ago



  © 2025 Taurus SA. All rights reserved.