API Authentication

This guide explains how to authenticate with Glide services when using the raw HTTP APIs. Understanding these authentication methods is crucial for secure integration with Glide's telecom-powered security features.

Authentication Methods Overview

Glide uses different authentication methods based on service requirements. All methods result in an access token, which comes in two types:

  1. Application Access Tokens
  2. User Access Tokens

Application Access Tokens

These tokens authenticate your application, allowing it to access Glide APIs on its own behalf.

Use Case: Services like Magical Auth
How to Obtain: Client Credentials Flow

  • Client Credentials Flow: To obtain an Application Access Token, send a request to the token endpoint with your client ID, client secret, and the desired service scope. The response will include an access token that you can use to authenticate API calls to the specified service.

User Access Tokens

These tokens authenticate both the user and your application, allowing access to Glide APIs on behalf of a specific user.

Use Case: Services like Number Verify
How to Obtain: Two methods available

  1. Authorization Code Flow: This method involves redirecting the user to Glide for authentication and authorization. For mobile users, this process can occur silently. The telecom operator authenticates the user and returns an authorization code to your pre-registered redirect URL. Your backend then exchanges this code for an access token.

  2. Backchannel Authentication: This server-side flow authenticates users through their telecom operator without direct user interaction with Glide. Your backend initiates the authentication process, and if no user consent is required, receives an auth_req_id. This ID can be exchanged for an access token. If user consent is necessary, you'll receive a consent_url to which you can redirect the user.

Scopes and Purposes

When requesting an access token, you can specify scopes and purposes to define the token's permissions. This applies to all authentication flows:

  • Client Credentials: Specify scopes in the /oauth2/token request
  • Authorization Code: Include scopes in the initial /oauth2/auth request
  • Backchannel Authentication: Define scopes in the /oauth2/backchannel-authentication request

Each API endpoint in our reference documentation lists its required scopes and purposes. Scope format:

dpv:<purpose>:<scope>

For example, if you've subscribed to sim-swap for FraudPreventionAndDetection, use the scope:

dpv:FraudPreventionAndDetection:sim-swap

For convenience, you can omit the purpose and simply use sim-swap. The server will default to your first registered purpose.
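
The scope rules above, applied to a Client Credentials request, as an added example that is not part of Glide's documentation or SDK. It expands the shorthand form client-side so the purpose a token is requested for is always explicit. Assumptions: the host glide.example is a placeholder, the function names are hypothetical, registeredPurposes is a list you maintain yourself, and the token endpoint is assumed to accept standard OAuth 2.0 HTTP Basic client authentication.

```javascript
// Placeholder host (assumption): the page gives only the path /oauth2/token.
const TOKEN_URL = 'https://glide.example/oauth2/token';

// Expand one scope to the explicit dpv:<purpose>:<scope> form.
// registeredPurposes: the caller's own list, in registration order (assumption).
function normalizeScope(scope, registeredPurposes) {
  const parts = scope.split(':');
  if (parts.length === 1 && parts[0] !== '') {
    // Shorthand: the server would default to the first registered purpose.
    // Resolve it here so the purpose is visible in code review and logs.
    if (registeredPurposes.length === 0) throw new Error('no registered purpose');
    return `dpv:${registeredPurposes[0]}:${parts[0]}`;
  }
  if (parts.length !== 3 || parts[0] !== 'dpv' || !parts[1] || !parts[2]) {
    throw new Error(`malformed scope: ${scope}`);
  }
  // Local guard: refuse to request a purpose this application never registered.
  if (!registeredPurposes.includes(parts[1])) {
    throw new Error(`purpose not registered: ${parts[1]}`);
  }
  return scope;
}

// Build (but do not send) a Client Credentials token request.
function buildTokenRequest(clientId, clientSecret, scopes, registeredPurposes) {
  const scope = scopes.map((s) => normalizeScope(s, registeredPurposes)).join(' ');
  // Assumption: HTTP Basic client authentication (RFC 6749, section 2.3.1).
  // The secret travels in a header, never in the URL or query string.
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({ grant_type: 'client_credentials', scope }).toString(),
  };
}
```

The returned object can be passed to any HTTP client; load the client secret from a secret store or environment variable rather than source code.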

Authentication API Reference

The following section provides detailed HTTP API specifications for each authentication method.