Authentication

Tyro Connect’s APIs require authentication, and Tyro Connect’s authorisation server uses the OAuth 2.0 Client Credentials Flow to authenticate partner systems.

To get started, you must first request a set of credentials from Tyro Connect, once provided these credentials will contain two values a client_id and client_secret.

Each request to a Tyro Connect API is authenticated with a JWT (JSON Web Token). To obtain a JWT a partner must make a request to the /oauth/token end point of the authorisation server.

Best Practice Tips

The credentials we provide you with are private and should be stored securely.
Each JWT expires after 12 hours. Partners are encouraged to monitor the expiry of their token and refresh expired tokens prior to making calls to any of the APIs.

Authorisation Server Rate Limits

If a Partner requests more than 12 tokens within an 11-hour period the authorisation server will reject the requests. Please make sure you cache your tokens and only request a token when it is about to expire.

You can try it out and generate a code snippet below, make sure to save the result as the returned access_token can be used for making any other REST API requests.

curl
C#
Node.js

curl -i -X POST \
  https://auth.connect.tyro.com/oauth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d client_id=ProvidedByTyro \
  -d client_secret=BruceWIsAGhost \
  -d grant_type=client_credentials \
  -d audience=https://app.connect.tyro

A successful response contains:

access_token: This is the JSON Web Token (JWT) that you will use to make authenticated requests to Tyro Connect. You must pass the retrieved Access Token as a Bearer token in the Authorization header of your Tyro Connect REST API request.
expires_in: This is the number of seconds until the Access Token expires. Please use this value to determine when to request a new access_token and to respect the rate limits of the authorisation server.
token_type: This value is always Bearer.