Authentication
Obtain Bearer Token
Exchange Basic Auth credentials for a short-lived JWT bearer token.
Cache and reuse until expiry. Credentials Base64-encoded as account_id:secret_key.
GET
Obtain Bearer Token
Documentation Index
Fetch the complete documentation index at: https://docs.auth.energy/llms.txt
Use this file to discover all available pages before exploring further.
Last modified on March 25, 2026
Previous
Create an Access RecordRegisters a new access record on behalf of a Controller. Returns `201` and
an `access-token` containing the new access key (`ak`), plus a `Location`
header pointing to the created resource.
All records use the same `AccessRecord` schema. The `processing.legal-basis`
value determines which additional fields are expected:
- **Consent bases** — populate `notice` and `access-event.consent`.
- **Legitimate interests** — populate `lia-reference` on the lead controller
entry; set `notice` and `access-event.consent` to null.
- **Public task / legal obligation** — populate `statutory-reference` on the
lead controller entry; set `notice` and `access-event.consent` to null.
- **Contract** — set `notice` and `access-event.consent` to null.
Historic records may be submitted — `access-event.registered-at` may predate
`record-metadata.created-at`.
If the DCC has previously submitted a `DISCOVERED` record for the same MPxN
and organisation, the register will link the two records on creation. The
DISCOVERED record is retained for audit; the new full record becomes `ACTIVE`.
To update an existing record use `PUT /access-records/{ak}`.
**Cross-DUID re-identification:** To create an Access Record linked to an Identity Record originally created by another Data User, include a `reidentification-token` field in the request body (alongside the standard `AccessRecord` fields, without `record-metadata.identity-record-ref`). Obtain the token via `POST /identity-records/reidentify`. The register validates the token and resolves the `ir` internally.
Next
Obtain Bearer Token