Authenticate

To access the API, you need to authenticate using an OAuth2 access token provided by our OAuth2 provider. Follow these steps to obtain and use an access token:

Create a service account

  1. Log in to your Eazyrent console.
  2. Go to Settings/Developer and create a new service account. Service accounts are users specifically designated to access APIs.
  3. Select the appropriate authorizations for the service account. Always follow the principle of least privilege.
  4. Choose the OAuth2 flow you will use to obtain an access token (see relevant section below).
  5. Download and save your credentials. Note: these credentials are sensitive data, so rotate them regularly and store them securely.

Obtain a Bearer

To access our APIs, you need a valid Bearer issued by our central authorization server, available at https://auth.eazyrent.fr.

To get the right permissions, you need to request the following scopes when generating a Bearer:

  • urn:zitadel:iam:org:projects:roles (allows our auth system to include your authorizations)
  • urn:zitadel:iam:user:resourceowner (allows our auth system to include your organization)
  • urn:zitadel:iam:org:project:id:310976816384838665:aud (allows access to the Eazyrent project)

Warning: If you omit these scopes, you will not be able to access the APIs.

OAuth2 Flows

Choose the appropriate OAuth2 flow based on your credentials:

This is a more complex but also more secure flow.

You can exchange a locally crafted JWT for a Bearer using the following approach:

  1. Generate a JWT including the following information:
{
"iss": "<JSONKey.userId>",
"sub": "<JSONKey.userId>",
"aud": "https://auth.eazyrent.fr",
"exp": <a valid Unix timestamp in the future>,
"iat": <the current Unix timestamp>
}

  2. Sign the JWT using the RSA key included in your JSON key file.

  3. Exchange your JWT for a Bearer by sending it to the auth server.

curl -X POST https://auth.eazyrent.fr/oauth/v2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
-d "scope=urn:zitadel:iam:org:projects:roles urn:zitadel:iam:user:resourceowner urn:zitadel:iam:org:project:id:310976816384838665:aud" \
-d "assertion=<YOUR LOCALLY CRAFTED JWT>"

JWT Bearer Token with Private Key Flow (RFC7523)

When using this flow, you will need to sign a JWT with the private key you downloaded. You can then exchange this JWT for an access token via the token endpoint. This flow is recommended for secure, automated access where client secrets are not ideal for storage.

Note: Ensure that any tokens or keys are stored securely and rotated periodically.
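
The JWT flow described above, end to end, as an added example (not Eazyrent's own code) using only openssl and curl. It assumes the RSA key from the JSON key file has been saved to a PEM file, that the server accepts RS256, and that the key file's key id goes in the JWT `kid` header; the function names are illustrative.

```shell
#!/bin/sh
# Added example. Assumptions: RS256 signing, key id sent as the "kid"
# header, private key already extracted from the JSON key file to PEM.

AUDIENCE="https://auth.eazyrent.fr"

# base64url without padding, as JWS requires (stdin -> stdout)
b64url() {
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

# make_assertion <user_id> <private_key.pem> <key_id> [lifetime_seconds]
# Prints a signed JWT. The default lifetime is short on purpose: a leaked
# assertion stays usable until "exp".
make_assertion() {
  local user_id="$1" key_file="$2" key_id="$3" ttl="${4:-300}"
  local now exp header claims signing_input signature
  now=$(date +%s)
  exp=$((now + ttl))
  header=$(printf '{"alg":"RS256","kid":"%s"}' "$key_id" | b64url)
  # iat and exp are JSON numbers (Unix seconds), not strings
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","iat":%d,"exp":%d}' \
    "$user_id" "$user_id" "$AUDIENCE" "$now" "$exp" | b64url)
  signing_input="$header.$claims"
  signature=$(printf '%s' "$signing_input" \
    | openssl dgst -sha256 -sign "$key_file" -binary | b64url)
  # An unreadable or invalid key yields an empty signature: fail closed
  [ -n "$signature" ] || return 1
  printf '%s.%s\n' "$signing_input" "$signature"
}

# exchange_assertion <jwt>: the page's token request, with form encoding
# left to curl so the spaces between scopes are escaped correctly.
exchange_assertion() {
  local scope="urn:zitadel:iam:org:projects:roles"
  scope="$scope urn:zitadel:iam:user:resourceowner"
  scope="$scope urn:zitadel:iam:org:project:id:310976816384838665:aud"
  curl -sS -X POST "$AUDIENCE/oauth/v2/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
    --data-urlencode "scope=$scope" \
    --data-urlencode "assertion=$1"
}
```

Call `exchange_assertion "$(make_assertion "$USER_ID" key.pem "$KEY_ID")"` with values from your own key file; the variable names here are placeholders.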

Sanity check

You can validate your auth process by pasting your Bearer and then clicking to verify the token.