Authentication
Cumulus9's API uses OAuth 2.0 Client Credentials Flow for authentication. To access API endpoints, you must first retrieve an access token by authenticating with your Client ID and Client Secret using Basic Authentication.
Obtaining an Access Token
To obtain an access token, make a POST request to the token endpoint with your client credentials.
Endpoint
POST {authUrl}/token
Request Headers
Authorization: "Basic BASE64(client_id:client_secret)"
Content-Type: "application/x-www-form-urlencoded"
Request Body
grant_type: "client_credentials"
scope: "riskcalc/get"
Example
cURL request
curl -X POST "{authUrl}/token" \
-H "Authorization: Basic $(echo -n 'your_client_id:your_client_secret' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&scope=riskcalc/get"
Successful Response
{
"access_token": "eyJraWQiOiJ3RGk0U...",
"expires_in": 86400,
"token_type": "Bearer"
}
Using the Access Token
Once you receive the access token, include it in the Authorization header of all subsequent API requests as a Bearer token.
Endpoint
POST {baseUrl}/portfolios
Request Headers
Authorization: "Bearer your_access_token"
Content-Type: "application/json"
Request Body
{
"calculation_type": "margins",
"execution_mode": "sync",
"portfolio": [...]
}
Example
cURL request
curl -X POST "{baseUrl}/portfolios" \
-H "Authorization: Bearer your_access_token" \
-H "Content-Type: application/json" \
-d '{ "portfolio": [...] }'
Successful Response
{
"request_id": "64224eba...",
"data": [...]
}
If you encounter authentication errors, ensure that:
- Your Client ID and Client Secret are correct.
- The Authorization header is properly formatted (
Basicfor token requests,Bearerfor API requests). - The token is not expired.