Skip to main content

Step 3: Generate Access Token

All Consent Manager APIs are protected and require a valid Access Token.

You must generate an access token using your Client ID and Client Secret via HTTP Basic Authentication.


🔐 Authentication Mechanism

The token API uses Basic Authentication.

Your client_id and client_secret must be:

  1. Concatenated using a colon

    client_id:client_secret

  2. Base64 encoded

  3. Sent in the Authorization header:

    Authorization: Basic base64(client_id:client_secret)


Token Endpoint

Method: GET

Staging

https://staging.indiaconsent.com/api/auth/v1/df/token

Production

https://www.indiaconsent.com/api/auth/v1/df/token


Request Headers

HeaderValue
Content-Typeapplication/json
AuthorizationBasic base64(client_id:client_secret)

⚠️ No request body is required.


Sample Request


GET /api/auth/v1/df/token
Authorization: Basic ZGYteHh4eHh4eDp5eXl5eXl5eXk=
Content-Type: application/json


Sample Response

{  
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"tokenType": "Bearer",
"expiresInSeconds": 900
}

Sample Code


import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;

public class TokenGeneration {

private static final String CONSENT_MGR_URL = "https://staging.indiaconsent.com";

public static void main(String[] args) throws Exception {

// ---------- Load credentials from environment ----------
String clientId = System.getenv("CM_CLIENT_ID");
String clientSecret = System.getenv("CM_CLIENT_SECRET");

if (clientId == null || clientSecret == null) {
throw new IllegalArgumentException("Set CM_CLIENT_ID and CM_CLIENT_SECRET environment variables.");
}

// ---------- Create HTTP Client with timeout ----------
HttpClient httpClient = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(10))
.build();

// ---------- Generate Basic Auth ----------
String basicAuth = Base64.getEncoder()
.encodeToString((clientId + ":" + clientSecret)
.getBytes(StandardCharsets.UTF_8));

// ---------- Step 1: Get Access Token ----------
HttpRequest tokenRequest = HttpRequest.newBuilder()
.uri(URI.create(CONSENT_MGR_URL + "/api/auth/v1/df/token"))
.GET()
.header("Authorization", "Basic " + basicAuth)
.header("Content-Type", "application/json")
.timeout(Duration.ofSeconds(30))
.build();

HttpResponse<String> tokenResponse = httpClient.send(
tokenRequest,
HttpResponse.BodyHandlers.ofString()
);

if (tokenResponse.statusCode() != 200) {
throw new RuntimeException("Token API failed: " + tokenResponse.body());
}

// ---------- Extract token manually (no external JSON lib) ----------
String token = extractJsonValue(tokenResponse.body(), "token");

if (token == null) {
throw new RuntimeException("Token not found in response");
}

System.out.println("Access Token: " + token);
}

/**
* Simple JSON key extractor without external libraries.
* Works for flat JSON responses like:
* { "token": "abc123" }
*/
private static String extractJsonValue(String json, String key) {
String pattern = """ + key + "":";
int index = json.indexOf(pattern);
if (index == -1) return null;

int start = json.indexOf(""", index + pattern.length()) + 1;
int end = json.indexOf(""", start);

if (start == 0 || end == -1) return null;

return json.substring(start, end);
}
}