Skip to main content
Atlas uses JWT-based authentication. You exchange your Client-Id and Client-Secret for a short-lived access token, then include that token in the Token header on every subsequent API request. Tokens expire after 3600 seconds (one hour); use the refresh token endpoint to obtain a new access token without re-submitting your credentials.

How authentication works

  1. Your accounts team provisions a Client-Id and Client-Secret for your integration.
  2. You call the respective auth API with those credentials in the request headers.
  3. Atlas returns an access_token and a refresh_token.
  4. Include the access token in the Token header for all subsequent requests.
  5. When the access token expires, call the respective auth API to get a new one.
Keep your Client-Secret and tokens secure. Never expose them in client-side code, public repositories, or logs.

Sample generation of an access token

POST /v3/verification/authtoken Pass your credentials as request headers. The response body contains the access token and its expiry time in seconds.

Request headers

HeaderTypeRequiredDescription
Client-IdstringYesYour Atlas client ID
Client-SecretstringYesYour Atlas client secret

Response

FieldTypeDescription
access_tokenstringJWT token to use in the Token header
expires_inintegerToken lifetime in seconds (3600)
curl --request POST \
  --url https://docstream.dev.kreditmind.com/v1/docstream/authtoken \
  --header "Client-Id: your-client-id" \
  --header "Client-Secret: your-client-secret"

Error responses

StatusMeaning
400Client-Id or Client-Secret header is missing
401The credentials provided are invalid
{
  "error": "Missing Client-Id or Client-Secret"
}

Using the token

Include the access token in the Token header on every request that requires authentication: 
Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
For example, when uploading documents: 
curl --request POST \
  --url https://docstream.dev.kreditmind.com/v1/docstream/multiupload \
  --header "Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  --header "Content-Type: application/json" \
  --data '{"product_type": "POC_CDL", "file_urls": [], ...}'