Skip to main content
POST
/
auth
/
token
curl -X POST 'https://api.weir.ai/auth/token' \
  -H 'Content-Type: application/json' \
  -u 'your_client_id:your_secret_key'

{
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "expiresIn": 3600,
    "tokenType": "Bearer"
  },
  "message": "Access token generated successfully",
  "status": "success"
}

Generate Access Token

Generate access tokens for external API authentication using basic authentication with client credentials. 
curl -X POST 'https://api.weir.ai/auth/token' \
  -H 'Content-Type: application/json' \
  -u 'your_client_id:your_secret_key'

{
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "expiresIn": 3600,
    "tokenType": "Bearer"
  },
  "message": "Access token generated successfully",
  "status": "success"
}

Authentication

This endpoint uses basic authentication with your client credentials.
Authorization
string
required
Basic authentication header with base64-encoded client credentials. Format: Basic base64(client_id:secret_key)

Request Parameters

No request body parameters are required for this endpoint.

Response Fields

data
object
required
Token data object containing authentication information.
message
string
required
Human-readable message describing the result of the operation.
status
string
required
Operation status. Always “success” for successful token generation.

Error Responses

{
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid client credentials",
    "details": "The provided client ID or secret key is invalid"
  },
  "status": "error"
}
Causes:
  • Invalid client ID
  • Invalid secret key
  • Missing or malformed Authorization header
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many token generation requests",
    "details": "Rate limit of 10 requests per minute exceeded"
  },
  "status": "error"
}
Solution: Wait for the rate limit window to reset before making another request.

Usage Examples

const generateAccessToken = async (clientId, secretKey) => {
  const credentials = btoa(`${clientId}:${secretKey}`);
  
  const response = await fetch('https://api.weir.ai/auth/token', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/json'
    }
  });
  
  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }
  
  const data = await response.json();
  return data.data.accessToken;
};

// Usage
const accessToken = await generateAccessToken('your_client_id', 'your_secret_key');
console.log('Access Token:', accessToken);

Rate Limits

  • Rate Limit: 10 requests per minute per client
  • Burst Limit: 20 requests per 5-minute window

Security Considerations

Important: Never expose your client credentials in client-side code or public repositories. Always use secure storage mechanisms.
  • Store client credentials in environment variables or secure key management systems
  • Use different credentials for different environments (development, staging, production)
  • Rotate credentials regularly for enhanced security
  • Never log or expose credentials in error messages or logs
  • Store access tokens securely and never expose them in client-side code
  • Implement automatic token refresh before expiration
  • Use HTTPS for all API requests
  • Monitor token usage and implement proper error handling

Best Practices

Implement Token Caching

Cache access tokens in memory or secure storage to avoid unnecessary token generation requests.

Handle Token Expiration

Implement automatic token refresh before expiration to ensure uninterrupted API access.

Monitor Rate Limits

Monitor rate limit headers and implement proper backoff strategies when limits are reached.

Error Handling

Implement comprehensive error handling for authentication failures and network issues.
Pro Tip: Implement a token manager class that handles token generation, caching, and automatic refresh to simplify your integration.