Help Center/Getting Started

Authentication overview

6 min read Updated February 15, 2026

Authentication Methods

ComplianceGrid supports one primary authentication method: OAuth 2.0 Bearer tokens obtained via the Client Credentials grant flow. This is the recommended approach for all integrations.

How It Works

1. You create API credentials (client ID + client secret) in the Developer Portal 2. You exchange these credentials for a short-lived Bearer token via the /oauth/token endpoint 3. You include the Bearer token in the Authorization header of every API request 4. Tokens expire after 1 hour — request a new one when needed

Getting a Token

bash
curl -X POST https://sandbox.api.compliancegrid.ai/oauth/token \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"

Response:

json
{
  "access_token": "eyJhbGciOiJSUzI1NiI...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "api"
}

Using the Token

Include the token in every request:

bash
curl -H "Authorization: Bearer $CG_TOKEN" \
  https://sandbox.api.compliancegrid.ai/v1/hs/search?q=cotton

Token Lifecycle

  • Expiration: Tokens are valid for 1 hour (3600 seconds)
  • Refresh: There is no refresh token — simply request a new token when the current one expires
  • Revocation: Use POST /oauth/revoke to invalidate a token immediately
  • Introspection: Use POST /oauth/introspect to check if a token is still valid

Security Best Practices

  • Never expose tokens in client-side code or browser JavaScript
  • Store tokens in memory, not in localStorage or cookies
  • Rotate your API key (client secret) every 90 days
  • Use scoped keys that only have access to the verticals you need
  • Monitor your usage dashboard for unexpected patterns

Was this article helpful?