Authentication

At Credit Clear, we provide a versatile array of authentication methods for webhook access, ensuring a tailored solution for your specific needs. When you register with us, you have the liberty to select your preferred authentication method, and we will guarantee that all API calls to your system are equipped with the appropriate authentication header.

We offer support for the following authentication approaches:

Basic Authentication

This method employs a basic token system, offering a robust and secure means of authentication through a base64-encoded username and password. Credit Clear appends an authorization header as follows:

Authorization: Basic <base64EncodedUsernameAndPassword>

API Key

Credit Clear also supports API Key authentication by including your API Key in the authorization header as follows:

Authorization: <ApiKey>

Access Tokens

For a streamlined authentication process, we support Access Tokens. Credit Clear appends an authorization to each webhook call as follows:

Authorization: <tokenType> <token>

Static Bearer Tokens

This authentication method uses a statically defined bearer token that is sent with every request

Authorization: Bearer <bearerToken>

OAuth Tokens

In this authentication method, we call your token server to get a short-lived access token. This token is cached using expiry information returned with the token.

The token server must return the token in JSON format and must contain the access token, the token type and the expiry in seconds. Here's an example (the field names can be customized):

{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "<token>"
}

To authenticate with the token server, the following methods are supported

• Basic auth with username and password - the following header is added to the request to the token server.

  HTML

  Authorization: Basic <base64EncodedUsernameAndPassword>
  

• FormData - Credit Clear will send form data you define to the token server. Here's an example payload for OAuth:

  HTML

  client_id: ABCD123
  scope: https://company.onmicrosoft.com/customscope/.default
  grant_type: client_credentials
  client_secret: <secret>
  

• JSON - Credit Clear will send a json payload that you define to the token server. Here's an example payload for OAuth:

  JSON

  {
    "grant_type": "client_credentials",
    "client_id": "ABC123",
    "client_secret": "<secret>",
    "scope": "https://company.onmicrosoft.com/customscope/.default"
  }
  

Choose the authentication method that best aligns with your security and integration prerequisites during the signup process, and Credit Clear will seamlessly integrate it into your webhook configuration. Should you require further clarification or assistance with authentication, please do not hesitate to reach out to our dedicated support team.