Getting started
Authentication
Authentication flows
The TRAVIS API uses OAuth 2.0 access tokens to authenticate API requests. Depending on the credentials you received, you can authenticate using one of the following flows:
| Grant Type | Description |
|---|---|
| password | Authenticates using a customer user account. |
| client_credentials | Authenticates using a service account. |
Full TRAVIS platform integrations that act on behalf of a customer user should use the password flow. Partner integrations, as well as customer integrations that only use the Location API, should use the client_credentials flow.
Requesting an access token
Before calling any TRAVIS API endpoint, you must obtain an access token from the TRAVIS Authentication Server. Access tokens are issued using OAuth 2.0 and are short-lived.
Token endpoint
POST https://auth.yourtravis.com/realms/travis-road-services/protocol/openid-connect/token
The token endpoint accepts application/x-www-form-urlencoded requests.
Common request parameters
| Parameter | Required | Description |
|---|---|---|
| grant_type | Yes | The OAuth 2.0 grant type. Must be either password or client_credentials. |
| client_id | Yes | Your issued client identifier. |
| client_secret | Yes | Your issued client secret. |
| scope | Yes | Must be set to openid. This value is required to request an OpenID Connect token. |
Password grant (customer accounts)
This flow authenticates using a customer user account and returns an access token representing that user.
Additional parameters
| Parameter | Required | Description |
|---|---|---|
| username | Yes | The username of the customer user. |
| password | Yes | The password of the customer user. |
Example request
curl -X POST https://auth.yourtravis.com/realms/travis-road-services/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=password" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "username=user@example.com" \
  -d "password=USER_PASSWORD" \
  -d "scope=openid"
Client Credentials grant (service accounts)
This flow authenticates using a service account and does not represent a user.
Additional parameters
This grant type does not require any additional parameters.
Example request
curl -X POST https://auth.yourtravis.com/realms/travis-road-services/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=openid"
Successful response
A successful request returns a JSON response containing the access token and related metadata:
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lk...",
  "expires_in": 300,
  "refresh_expires_in": 7776000,
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhNDg1Yjk5MS...",
  "token_type": "Bearer",
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ4MzI1Q3NnTm...",
  "not-before-policy": 0,
  "session_state": "da32f439-1337-4c1d-c2g8-d3e9e347a867",
  "scope": "openid profile email groups"
}
Response fields
| Field | Description |
|---|---|
| access_token | The access token to include in API requests. |
| token_type | Always Bearer. |
| expires_in | Token lifetime in seconds. |
| scope | Granted access scope(s). |
| refresh_token | Token used to obtain a new access token. |
Using the access token
Include the access token in the Authorization header of every API request:
Authorization: Bearer <access_token>
Refreshing an access token
When the access token expires, you can request a new one using the refresh token:
curl -X POST https://auth.yourtravis.com/realms/travis-road-services/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "refresh_token=YOUR_REFRESH_TOKEN"
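The token lifecycle described above (request a token, reuse it until expires_in elapses, refresh it, and re-authenticate once the refresh token has lapsed too), as an added Python example that is not TRAVIS code. It uses the client_credentials flow; the TokenCache class, the post_form helper and the 30-second skew margin are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = ("https://auth.yourtravis.com/realms/travis-road-services"
             "/protocol/openid-connect/token")

def post_form(url, fields):
    """POST url-encoded form fields and return the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()  # percent-encodes secrets
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: reuse the access token, renew it before expiry."""

    def __init__(self, client_id, client_secret, post=post_form,
                 clock=time.monotonic, skew=30):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _request(self, **grant):
        now = self._clock()
        tok = self._post(TOKEN_URL, {**self._creds, **grant})
        if tok.get("token_type", "").lower() != "bearer" or not tok.get("access_token"):
            raise ValueError("unexpected token response")
        self._access = tok["access_token"]
        # Renew `skew` seconds early so a request never carries a stale token.
        self._access_exp = now + tok["expires_in"] - self._skew
        self._refresh = tok.get("refresh_token")
        self._refresh_exp = now + tok.get("refresh_expires_in", 0) - self._skew

    def authorization_header(self):
        now = self._clock()
        if self._access is None or now >= self._access_exp:
            if self._refresh and now < self._refresh_exp:
                self._request(grant_type="refresh_token",
                              refresh_token=self._refresh)
            else:  # first call, or the refresh token has lapsed as well
                self._request(grant_type="client_credentials", scope="openid")
        return {"Authorization": "Bearer " + self._access}
```

Keep the client secret and both tokens out of logs and source control; the cache holds them in memory only.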