CSMS API Authentication

CSMS API Authentication

The Dreev HTTP API is secured with OAuth 2.0.

The CSMS is an OAuth Client, and will have confidential credentials: Client ID and Secret Client.

Obtaining an Access Token

The Client must exchange its credentials for an Access Token via an HTTP POST request, following the standard OAuth 2.0 Client Credentials grant.

  • URL :
    • Staging: https://auth.staging.dreev.net/oauth2/token
    • Production: https://auth.production.dreev.net/oauth2/token
  • Headers :
    • Content-Type: application/x-www-form-urlencoded
    • HTTP Basic authentication: The Authorization header contains the Client ID and Client Secret as username/password, separated by : and encoded in base64 :
      Authorization: Basic Base64($CLIENT_ID:$CLIENT_SECRET)
  • Parameters :
    • grant_type=client_credentials (fixed value)


POST /oauth2/token HTTP/1.1
Host: auth.production.dreev.net
Authorization: Basic ZWRpc29uX2NsaWVudF9pZDplZGlzb25fY2xpZW50X3NlY3JldAo=
Content-Type: application/x-www-form-urlencoded


In the example above :

  • Client ID = my_client_id
  • Client Secret = my_client_secret
  • Base64("my_client_id:my_client_secret")ZWRpc29uX2NsaWVudF9pZDplZGlzb25fY2xpZW50X3NlY3JldAo=

Accessing endpoints

When calling API Endpoints, the Client must provide its Access Token in the Authorization header of each HTTP request in the following form:
Authorization: Bearer $ACCESS_TOKEN


POST /trips HTTP/1.1
Host: csms.production.dreev.net
Authorization: Bearer eyJhbGciOiJIUz...
Content-Type: application/json


In this example, the Access Token is eyJhbGciOiJIUz...