Authentication

All requests to the Tesser API must include a valid access token. Tokens are generated using your API credentials, which are provisioned in the Tesser Dashboard.

Credentials

Each workspace has a Client ID and Client Secret pair. You can find these in the Tesser Dashboard under Settings > API Keys. Keep your client secret secure and never expose it in client-side code or public repositories.

Generate an API Token

To obtain an access token, send a POST request to the Tesser token endpoint with your credentials:

Code
 
curl --request POST \
  --url https://auth.tesser.xyz/oauth/token \
  --header 'Content-Type: application/json' \
  --data '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "audience": "https://api.tesser.xyz",
    "grant_type": "client_credentials"
  }'

Token Response

A successful request returns a JSON response containing your access token:

Code
 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp...",
  "token_type": "Bearer",
  "expires_in": 86400
}

Using the Token

Include the access token in the Authorization header of every API request:

Code
 
curl --request GET \
  --url https://api.tesser.xyz/counterparties \
  --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp...'

Token Expiration

Tokens expire after the duration specified in expires_in (default 24 hours). When a token expires, the API returns a 401 Unauthorized response.

To maintain uninterrupted access:

• Request a new token before the current one expires.
• Do not cache tokens indefinitely.
• There are no refresh tokens. Simply request a new token using the same credentials.