Authentication

Authentication using Client Credentials with Cadasto Smart Auth

This document explains how to obtain machine-to-machine access tokens using the OAuth 2.0 Client Credentials flow against Cadasto Smart Auth (https://cataniamc.auth.prod.cadasto.io).

1. Prerequisites

  • Registered OAuth client with type "confidential" (client_id and client_secret).
  • Access to a development or production Smart Auth environment.

Base URL:

https://cataniamc.auth.prod.cadasto.io

2. Requesting credentials

Client credentials (client_id and client_secret) are provided by Cadasto after we have set up an environment for you. Contact Cadasto to request credentials and specify any required redirect URIs or allowed origins. Once Cadasto registers the client, they will supply the client_id and client_secret, which you should store securely.

3. Obtain an Access Token (Client Credentials)

Use the OAuth token endpoint with grant_type=client_credentials. Prefer sending client credentials with HTTP Basic auth.

Token Endpoint

POST https://cataniamc.auth.prod.cadasto.io/auth/token

Required parameters

| Field | Location | Description |
|---|---|---|
| grant_type | Body | Must be client_credentials |
| client_id | Header (Basic Auth) | OAuth Client ID |
| client_secret | Header (Basic Auth) | OAuth Client Secret |
| audience | Body | Required: identifies the API you want to access. Must match the resource identifier of the Cadasto API. Example: `https://cataniamc.api.prod.cadasto.io` |
| scope | Body | Optional: space-separated list of scopes, e.g. api.read api.write |

Example Request (cURL)

curl -X POST "https://cataniamc.auth.prod.cadasto.io/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -u "<client_id>:<client_secret>" \
  -d "grant_type=client_credentials" \
  -d "scope=<space_separated_scopes>" \
  -d "audience=<resource_server>"

If the authorization header is not used, you can post client_id and client_secret in the form body (less preferred).

Example Successful Response

{
  "access_token": "eyJiou12jasd...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "api.read api.write"
}

Note: The Client Credentials flow typically does not return a refresh_token. When the access token expires, request a new token.
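
The request and the expiry handling described above can be combined in a small client that sends the credentials in the Basic header, caches the token, and requests a new one shortly before expires_in elapses. This is an added example, not Cadasto's own code: the names build_token_request, send_https and TokenCache and the 60-second safety margin are assumptions, and the token URL is the one from the cURL example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Token URL as written in the cURL example above; audience is the table's example value.
TOKEN_URL = "https://cataniamc.auth.prod.cadasto.io/oauth/token"
AUDIENCE = "https://cataniamc.api.prod.cadasto.io"


def build_token_request(client_id, client_secret, scope=None):
    """Credentials go in the Basic header (like curl -u); grant parameters in the form body."""
    form = {"grant_type": "client_credentials", "audience": AUDIENCE}
    if scope:
        form["scope"] = scope  # space-separated, e.g. "api.read api.write"
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    data = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(TOKEN_URL, data=data, headers=headers, method="POST")


def send_https(request):
    """Default transport: POST over TLS and decode the JSON body."""
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


class TokenCache:
    """Hypothetical helper: reuse a token until shortly before expires_in runs out."""

    def __init__(self, client_id, client_secret, scope=None,
                 send=send_https, clock=time.monotonic, skew=60):
        self._args = (client_id, client_secret, scope)
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._send(build_token_request(*self._args))
            if "access_token" not in body or body.get("token_type", "").lower() != "bearer":
                raise ValueError("token endpoint did not return a bearer token")
            # No refresh_token in this flow: remember the expiry and request anew later.
            self._token = body["access_token"]
            self._expires_at = self._clock() + max(0, int(body.get("expires_in", 0)) - self._skew)
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}
```

Pass the result of auth_header() as the request headers when calling the API, and keep one TokenCache per client so that concurrent callers share a single token.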

4. Use the Access Token

Include the access token in API requests:

GET https://cataniamc.api.prod.cadasto.io/openehr/v1/definition/template/adl1.4
Authorization: Bearer <access_token>