Cboe LiveVol APIs use the OAuth 2.0 and OpenID Connect 1.0 protocols for authentication and authorization. We support authentication using the Authorization Code Flow and the Client Credentials Flow. Other flows can be supported based on client need.

Learn more about OpenID Connect 1.0 / OAuth 2.0 »

Client Credentials Flow

This is used for machine to machine communication.

1. Request Authorization

The request is sent to the connect/token endpoint.

Method POST
Endpoint connect/token
Request Body Parameters name required description
grant_type Set it to “client_credentials”.
scope Scope required for application.
Request Headers name required description
Authorization Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Basic <base64 encoded client_id:client_secret>.
Request example POST HTTP/1.1
Authorization: Basic ZXhhbXBsZUNsaWVudDpleGFtcGxlQ2xpZW50U2VjcmV0
Response example HTTP/1.1 200 OK
Content-Type: application/json


2. Use the Access Token

Once you have obtained an access token it must be provided in Authorization HTTP header in each WebAPI request.

Request example GET HTTP/1.1
Authorization: Bearer 70dd2395eae0d98c85b58804dd429f48