Step 3: Generate Access Token
All Consent Manager APIs are protected and require a valid Access Token.
You must generate an access token using your Client ID and Client Secret via HTTP Basic Authentication.
🔐 Authentication Mechanism
The token API uses Basic Authentication.
Your client_id and client_secret must be:
-
Concatenated using a colon
client_id:client_secret
-
Base64 encoded
-
Sent in the
Authorizationheader:Authorization: Basic
base64(client_id:client_secret)
Token Endpoint
Method: GET
Staging
https://staging.indiaconsent.com/api/auth/v1/df/token
Production
https://www.indiaconsent.com/api/auth/v1/df/token
Request Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
| Authorization | Basic base64(client_id:client_secret) |
⚠️ No request body is required.
Sample Request
GET /api/auth/v1/df/token
Authorization: Basic ZGYteHh4eHh4eDp5eXl5eXl5eXk=
Content-Type: application/json
Sample Response
{
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"tokenType": "Bearer",
"expiresInSeconds": 900
}
Sample Code
- Java
- Springboot
- Python
- NodeJS
- Curl
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
public class TokenGeneration {
private static final String CONSENT_MGR_URL = "https://staging.indiaconsent.com";
public static void main(String[] args) throws Exception {
// ---------- Load credentials from environment ----------
String clientId = System.getenv("CM_CLIENT_ID");
String clientSecret = System.getenv("CM_CLIENT_SECRET");
if (clientId == null || clientSecret == null) {
throw new IllegalArgumentException("Set CM_CLIENT_ID and CM_CLIENT_SECRET environment variables.");
}
// ---------- Create HTTP Client with timeout ----------
HttpClient httpClient = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(10))
.build();
// ---------- Generate Basic Auth ----------
String basicAuth = Base64.getEncoder()
.encodeToString((clientId + ":" + clientSecret)
.getBytes(StandardCharsets.UTF_8));
// ---------- Step 1: Get Access Token ----------
HttpRequest tokenRequest = HttpRequest.newBuilder()
.uri(URI.create(CONSENT_MGR_URL + "/api/auth/v1/df/token"))
.GET()
.header("Authorization", "Basic " + basicAuth)
.header("Content-Type", "application/json")
.timeout(Duration.ofSeconds(30))
.build();
HttpResponse<String> tokenResponse = httpClient.send(
tokenRequest,
HttpResponse.BodyHandlers.ofString()
);
if (tokenResponse.statusCode() != 200) {
throw new RuntimeException("Token API failed: " + tokenResponse.body());
}
// ---------- Extract token manually (no external JSON lib) ----------
String token = extractJsonValue(tokenResponse.body(), "token");
if (token == null) {
throw new RuntimeException("Token not found in response");
}
System.out.println("Access Token: " + token);
}
/**
* Simple JSON key extractor without external libraries.
* Works for flat JSON responses like:
* { "token": "abc123" }
*/
private static String extractJsonValue(String json, String key) {
String pattern = """ + key + "":";
int index = json.indexOf(pattern);
if (index == -1) return null;
int start = json.indexOf(""", index + pattern.length()) + 1;
int end = json.indexOf(""", start);
if (start == 0 || end == -1) return null;
return json.substring(start, end);
}
}
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.*;
import org.springframework.web.client.RestTemplate;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class ConsentRequestClient {
private static final String CONSENT_MGR_URL = "https://staging.indiaconsent.com";
private static final ObjectMapper MAPPER = new ObjectMapper();
public static void main(String[] args) throws Exception {
// ---------- Load credentials from environment ----------
String clientId = System.getenv("CM_CLIENT_ID");
String clientSecret = System.getenv("CM_CLIENT_SECRET");
if (clientId == null || clientSecret == null) {
throw new IllegalArgumentException("Client credentials not set in environment variables");
}
// ---------- Generate Basic Auth header ----------
String basicAuth = Base64.getEncoder()
.encodeToString((clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
HttpHeaders tokenHeaders = new HttpHeaders();
tokenHeaders.setContentType(MediaType.APPLICATION_JSON);
tokenHeaders.set(HttpHeaders.AUTHORIZATION, "Basic " + basicAuth);
RestTemplate restTemplate = new RestTemplate();
// ---------- Call Token API ----------
ResponseEntity<String> tokenResponse = restTemplate.exchange(
CONSENT_MGR_URL + "/api/auth/v1/df/token",
HttpMethod.GET,
new HttpEntity<>(tokenHeaders),
String.class);
if (!tokenResponse.getStatusCode().is2xxSuccessful()) {
throw new RuntimeException("Failed to generate token: " + tokenResponse.getBody());
}
JsonNode tokenJson = MAPPER.readTree(tokenResponse.getBody());
String accessToken = tokenJson.path("token").asText(null);
if (accessToken == null) {
throw new RuntimeException("Token not present in response");
}
System.out.println("Access Token: " + accessToken);
}
}
import os
import base64
import requests
import json
CONSENT_MGR_URL = "https://staging.indiaconsent.com"
client_id = os.getenv("CM_CLIENT_ID")
client_secret = os.getenv("CM_CLIENT_SECRET")
# Generate Basic Auth header
basic_auth = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
token_headers = {
"Authorization": f"Basic {basic_auth}",
"Content-Type": "application/json"
}
# Get token
token_response = requests.get(
f"{CONSENT_MGR_URL}/api/auth/v1/df/token",
headers=token_headers
)
token_response.raise_for_status()
access_token = token_response.json().get("token")
print("Access Token:", access_token)
const axios = require("axios");
const CONSENT_MGR_URL = "https://staging.indiaconsent.com";
const clientId = process.env.CM_CLIENT_ID;
const clientSecret = process.env.CM_CLIENT_SECRET;
const basicAuth = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
async function generateToken() {
// Get token
const tokenResponse = await axios.get(
`${CONSENT_MGR_URL}/api/auth/v1/df/token`,
{
headers: {
Authorization: `Basic ${basicAuth}`,
"Content-Type": "application/json"
}
}
);
const accessToken = tokenResponse.data.token;
console.log("Access Token:", accessToken);
}
generateToken();
curl -X GET https://staging.indiaconsent.com/api/auth/v1/df/token -u client-id:client-secret -H "Content-Type: application/json"