The Auth Armor API is the central piece of the Auth Armor service. Interfacing with it gives you direct access to all the features Auth Armor provides.

In the below guide, we provide all the ways you interface with it. The initial requirements of it, references and for further uses, the guides for it.


API Authentication

  • Auth Armor uses OAuth 2.0 standard for its authentication/authorization needs.


What is the OAuth 2.0 standard? ( What is the OAuth 2.0 standard?)


If new, create a project to access these 2 details. How to create a project.

  • Request your bearer token from our OAuth2 auth Server using these 2 details
POST /connect/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: [dynmaic]
curl -XPOST -H 'Content-Type: application/x-www-form-urlencoded' -d '{ client_id: "string", client_secret: "string", grant_type: "client_credentials" }' ''
fetch('', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  body: '{ client_id: "string", client_secret: "string", grant_type: "client_credentials" }'
import http.client

conn = http.client.HTTPSConnection("")

payload = ""

headers = { 'Content-Type': "application/x-www-form-urlencoded" }

conn.request("POST", "/connect/token", payload, headers)

res = conn.getresponse()
data =

package main

import (

func main() {
	client := &http.Client{}
	var data = strings.NewReader(`{ client_id: "string", client_secret: "string", grant_type: "client_credentials" }`)
	req, err := http.NewRequest("POST", "", data)
	if err != nil {
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := client.Do(req)
	if err != nil {
	defer resp.Body.Close()
	bodyText, err := io.ReadAll(resp.Body)
	if err != nil {
	fmt.Printf("%s\n", bodyText)

API Authorizations

All requests to protected endpoints require you to pass in your authorization token in your request header for security.

API Perculiars

When using the Auth Armor API, below are the peculiar details you need to know about:

How to hide sensitive identifiers from endpoints:

  • When the API Call you are making requires the context of the user. - As a default, you can provide this identifier in the URL of the request you are sending.
    • Example Endpoint:{put_v3-users-user-id}
  • To prevent the exposure of sensitive data, you can provide this information in the Header instead and replace the above path parameter with 00000000-0000-0000-0000-000000000000
    • Making the endpoint
    • headers: (X-AuthArmor-UsernameValue: [email protected])
  • Header data is encrypted data under TLS/SSL mechanism, protecting the exposure of your user’s sensitive data.

API Security

  • Request headers are encrypted when using TLS/HTTPS, a request route is not.
  • Use user_id in the route, if you wish to use a username and it’s not sensitive data.
  • The above 2 configurations ensure flexibility along with optional tighter security and privacy setup.

With all the information above combined, you can access the direct api reference to make your api calls below or follow our step-by-step guide on implementing Auth Armor as well below.

What’s Next