← Back to Documentation Home

Getting Started

TRACE APIs use Machine-to-Machine (M2M) authentication. Before making your first API call, obtain M2M credentials from your TRACE administrator and use them to request a Bearer token. All TRACE APIs share the same authentication mechanism — you only need to set it up once.

Authentication

All TRACE API endpoints require a Bearer token in every request:

Authorization: Bearer YOUR_TOKEN

Step 1 — Request Credentials

M2M credentials are provided by your TRACE administrator. Contact them and request M2M access, specifying your use case (e.g., "CRM integration" or "tariff upload automation").

You will receive:

  • Client ID — Your unique application identifier
  • Client Secret — Your confidential application secret
  • API Domain — The base URL for authentication
  • Audience — The target API identifier

Note: Store these credentials securely. Never commit them to version control.

Step 2 — Request a Token

Endpoint: POST https://{your-api-domain}/api/auth/m2m-login

Headers:

Content-Type: application/json

Request Body:

{
  "clientId": "your-client-id",
  "clientSecret": "your-client-secret",
  "audience": "your-audience-url"
}

Note: All credential values (clientId, clientSecret, audience, and API domain) are provided during onboarding.

Response:

{
  "access_token": "eyJhbGc...",
  "token_type": "Bearer",
  "expires_in": 86400
}
Field Description
access_token The JWT token to use for API requests
token_type Always "Bearer"
expires_in Token validity in seconds (86400 = 24 hours)

Step 3 — Use the Token

Include the access token in the Authorization header for every API request:

Authorization: Bearer eyJhbGc...

Note: Tokens expire after the time specified in expires_in. Request a new token before it expires to maintain uninterrupted access.

Required Scopes

Each API requires a specific scope. Make sure your M2M credentials include the correct scope for the API you are integrating with.

API Required Scope Policy
Upload API (provided during onboarding)
CRM API read:leads LeadsAccess

Available APIs

API Description Typical Audience
Upload API Upload and manage energy tariff offers (Direct Marketing, PPA) Price / tariff managers
CRM API Retrieve energy tariff leads and integrate with external CRM systems Integration developers

Platform Configuration

Section Description Typical Audience
TRACE Configuration Platform configuration options for the TRACE application Platform operators