API Authentication

Version V1

The Molecule API uses OAuth 2.0 Resource Owner Password Credentials grant to secure all endpoints. Partners must obtain a valid access token and include it with each request.

Obtaining an Access Token

Send a POST request to the Molecule identity provider with your credentials:

POST https://id.moleculesystems.com/connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=password
&client_id=molecule-api
&username=<your-username>
&password=<your-password>

Sample Authentication Request

const response = await fetch('https://id.moleculesystems.com/connect/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8' },
  body: new URLSearchParams({
    username: '<your-username>',
    password: '<your-password>',
    client_id: 'molecule-api',
    grant_type: 'password',
  }).toString(),
});

const data = await response.json();
const accessToken = data.access_token;

Sample Token Response

{
  "access_token": "<your-access-token>",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Using the Access Token

Include the token as a Bearer token in the Authorization header of each API request:

Authorization: Bearer <access_token>

warning

Tokens are short-lived. Store the expires_in value (in seconds) and refresh your token before it expires to avoid authentication failures.

note

If your credentials are invalid or the auth service is unreachable, the request will fail. Ensure your username, password, and client_id are correct before retrying.

Version V1​

Obtaining an Access Token​

Sample Authentication Request​

Sample Token Response​

Using the Access Token​

Version V1

Obtaining an Access Token

Sample Authentication Request

Sample Token Response

Using the Access Token