Skip to main content

Generate Access Tokens

Now that you have a clientID and clientSecret key for a Nitro application, you can generate access tokens to make requests to the Nitro Sign Public API. To do this, make a POST request to our authorization service /oauth/token endpoint. Auth Endpoint Documentation Example: 
curl -X POST https://api.gonitro.dev/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "clientID": "<nitro_app_id>",
    "clientSecret": "<your_app_secret>"
  }'
This will return a JSON response with your token and its expiry time (in milliseconds), For example: 
{
  "accessToken": "eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaWF0IjoxNjQyNzg5MjAwLCJleHAiOjE2NDI4NzU2MDB9.signature_here",
  "tokenType": "Bearer",
  "expiresIn": 86400
}

Cache Access Token

Once you receive your token, you should store it in a temporary cache or your database so you can reuse it while still valid. A common approach is to store the token in an in-memory cache like Redis, setting its expiry to match the expiresIn value returned by the API. This ensures the token is automatically invalidated when it expires. Alternatively, you can store it in a database and implement custom logic to update it.

Renew Token

It’s a common practice to implement a routine in your code that automatically renews the access token when needed. This should be triggered in the following cases:
  • A request fails with an Unauthorized (401) response
  • No cached token is available. For example, at application startup or when token expired in the in-memory cache (Redis).
The routine should then request a new token, store it, and retry the original request using the updated credentials.

Next steps

With your client credentials and access tokens in hand, you’re ready to test your API access by making your first API call!
I