OAuth2.0 - Backend Service

POST https://bakrypt.io/auth/token/ || https://testnet.bakrypt.io/auth/token/;

The endpoint above provides an access token that is required for subsequent API calls, such as uploading files or creating assets. The Client Id and Client Secret required for authentication contain sensitive data and must be kept private to avoid unauthorized access. Typically, a backend service or API would manage the authentication process and return the access token to the interface or Single Page Application (SPA).


import express from 'express';
import axios from 'axios';

interface AccessToken {
  access_token: string;
  expires_in: number;
  token_type: string;
  scope: string;
  refresh_token: string;

interface ErrorResponse {
  error: string;
  error_description?: string;

const app = express();
const externalApiUrl = 'https://bakrypt.io/auth/token/' || 'https://testnet.bakrypt.io/auth/token/';
const clientId = `$client_id`;
const clientSecret = `$client_secret`;


app.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body;
    const payload = new URLSearchParams();
    payload.append("client_id", clientId);
    payload.append("client_secret", clientSecret);
    payload.append("username", username);
    payload.append("password", password);
    payload.append("grant_type", "password");

    const config = {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'

    const response = await axios.post<AccessToken | ErrorResponse>(externalApiUrl, payload, config);

  } catch (error) {
    // Handle error accordingly 
    res.status(500).send('Internal Server Error');

app.listen(3000, () => {
  console.log('Server is listening on port 3000');
import requests

    from typing import TypedDict
except Exception as e:
    from typing_extensions import TypedDict

class AccessToken(TypedDict):
    access_token: str
    expires_in: int
    token_type: str
    scope: str
    refresh_token: str

class ErrorResponse(TypedDict):
    error: str
    error_description: str

CLIENT_ID = '$client_id'
CLIENT_SECRET = '$client_secret'

USERNAME = '$username'
PASSWORD = '$password'

payload = {
    'client_id': CLIENT_ID,
    'client_secret': CLIENT_SECRET,
    'username': USERNAME,
    'password': PASSWORD,
    'grant_type': 'password'

access_token_request = requests.post(
    headers={'content-type': "application/x-www-form-urlencoded"})

if access_token_request.status_code in [200]:
    access_token: AccessToken = access_token_request.json()
    print("Error retrieving access token...")