Getting an Access Token

Your backend exchanges the API key for an access token using the Halosight authentication endpoint.

Endpoint

POST https://api.halosight.ai/api/token/v1/access
Content-Type: application/json

Request Body

{
    "token": "YOUR_API_KEY"
}

Response

The endpoint returns a token object. Return the response body as-is to your client.

Example

The following example shows how to request an access token from Halosight in a Node.js backend using axios.
Your backend calls the Halosight endpoint with your API key (stored securely in an environment variable), then returns the access token response directly to your frontend.

This pattern ensures:

🔒 The API key never leaves your server.
🔄 The frontend only receives a short-lived access token, not the API key.
🧩 The same approach applies no matter what backend language or framework you use (Node.js, Python, Java, .NET, etc.).

import axios from 'axios';

async function getAccessToken() {
    try {
        const response = await axios.post(
            'https://api.halosight.ai/api/token/v1/access',
            { token: process.env.HALOSIGHT_API_KEY } // Securely stored in env vars
        );

        // Return the response body exactly as received
        return response.data;
    } catch (error) {
        console.error('Authentication failed:', error.message);
        throw error;
    }
}

Security Best Practices

🔒 Store API keys only on the server (e.g., environment variables).
🔒 Never expose the API key in client-side code.
🔒 Always use HTTPS for token exchange.
🔒 Treat access tokens as sensitive; store them only for the duration of a user session.

Endpoint​

Request Body​

Response​

Example​

Security Best Practices​

Endpoint

Request Body

Response

Example

Security Best Practices