Authentication

Embarc supports two authentication modes so you can align security posture with the environment in use.

Production – OAuth 2.1 JWT Bearer Tokens

Production environments rely on OAuth 2.1. Obtain a JWT access token from the Embarc identity service and attach it to every API call:

Authorization: Bearer <access-token>
TenantId: <tenant>

Tokens are short lived, stateless, and governed by enterprise policies (multifactor authentication, password rotation, device trust). Refresh the token whenever the platform returns 401 Unauthorized.

Sandbox – HTTP Basic

Sandboxes keep things simple with HTTP Basic for convenience during integration testing. Here, you Base64-encode username:password and send it on each call:

Authorization: Basic <base64 credentials>
TenantId: <tenant>

Quick Reference

Environment | Recommended Auth           | Headers to send
Production  | OAuth 2.1 (Bearer token)   | Authorization: Bearer …
Sandbox     | HTTP Basic                 | Authorization: Basic …

Regardless of mode, the tenant header remains mandatory so Embarc can route each request to your tenant.
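
Added example, not Embarc's own code: a client-side sketch that builds the header pair for each mode, enforces the mandatory tenant header, and retries exactly once with a fresh token after a 401. The transport and token-source callables, the function names, and the sample values are assumptions; no Embarc endpoint is called.

```python
import base64
from typing import Callable, Dict, Tuple

Headers = Dict[str, str]
Send = Callable[[Headers], Tuple[int, str]]   # hypothetical transport: headers -> (status, body)
GetToken = Callable[[bool], str]              # hypothetical token source: force_refresh -> JWT


def _check(value: str, name: str) -> str:
    # Reject empty values and CR/LF so a caller-supplied string cannot split the header.
    if not value or "\r" in value or "\n" in value:
        raise ValueError(f"{name} must be a non-empty single-line value")
    return value


def basic_headers(username: str, password: str, tenant: str) -> Headers:
    """Sandbox: Base64 of username:password. This is encoding, not encryption."""
    if ":" in username:
        raise ValueError("username must not contain ':' (RFC 7617)")
    raw = f"{_check(username, 'username')}:{password}".encode("utf-8")  # UTF-8 is assumed
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii"),
            "TenantId": _check(tenant, "TenantId")}


def bearer_headers(access_token: str, tenant: str) -> Headers:
    """Production: JWT access token as a Bearer credential."""
    return {"Authorization": "Bearer " + _check(access_token, "access token"),
            "TenantId": _check(tenant, "TenantId")}


def call_with_refresh(send: Send, get_token: GetToken, tenant: str) -> Tuple[int, str]:
    """Send once; on 401 fetch a fresh token and retry exactly once (no retry loop)."""
    status, body = send(bearer_headers(get_token(False), tenant))
    if status == 401:
        status, body = send(bearer_headers(get_token(True), tenant))
    return status, body


if __name__ == "__main__":
    # Constructed stand-ins: the first token is treated as expired by the fake server.
    def fake_send(h): return (200, "ok") if h["Authorization"] == "Bearer fresh" else (401, "")
    def fake_token(force_refresh): return "fresh" if force_refresh else "stale"
    print(basic_headers("alice", "s3cret", "acme"))
    print(call_with_refresh(fake_send, fake_token, "acme"))
```

A second 401 after the refresh is returned to the caller rather than retried, which avoids hammering the identity service when the credentials themselves are rejected.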