Authentication

firmato.eu uses OAuth 2.0 with the client_credentials grant. Each partner receives a client_id and client_secret.

Token endpoint

POST /api/v1/oauth/token

Request

• HTTP Basic auth: Authorization: Basic base64(client_id:client_secret)
• Form: grant_type=client_credentials
• Optional: scope (space-separated)

curl -X POST "https://firmato.eu/sign/public/api/v1/oauth/token" \
  -u "YOUR_CLIENT_ID:YOUR_CLIENT_SECRET" \
  -d "grant_type=client_credentials" \
  -d "scope=contracts:write contracts:read invites:send"

Response

{
  "access_token": "....",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "contracts:write contracts:read invites:send"
}

Using the token

Authorization: Bearer <access_token>