Authentication

Generate Bearer Token

Credits: Free — authentication endpoint.

Issues a short-lived Bearer JWT from valid API Key or Basic credentials. The token can then be sent as Authorization: Bearer <access_token> on subsequent requests instead of resending your long-lived API Key. Useful for handing access to a downstream client without sharing your primary credentials.

Auth: API Key (x-api-key) or HTTP Basic. Bearer tokens cannot issue new tokens (no token chaining).

Body: entirely optional. Send {} to get a token with default lifetime.

Lifetime: controlled by expireAfter (seconds). When omitted, the gateway uses its configured default (currently 3600). When present, it must be between 1 and the configured maximum (currently 3600). Values outside that range are rejected with OUT_OF_RANGE.

Revocation: tokens are stateless and self-expiring. There is no revocation endpoint — if a token is compromised, rotate the underlying API Key. The next snapshot reload propagates the rotation across all gateway instances within ~5 minutes.

cURL

curl -X POST https://api.origoid.com/auth/token \
  -H "x-api-key: YOUR_API_KEY" \
  -H "content-type: application/json" \
  -d '{"expireAfter": 1800}'

{
  "status": "OK",
  "type": "SUCCESS",
  "message": "Token issued",
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRfaWQiOiI...",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "*"
  },
  "transactionId": "3eb33303-3466-4071-872e-067584149666",
  "processedAt": "2026-03-19T10:00:00-06:00",
  "billable": false
}

Authorizations

x-api-key

string

header

required

Body

application/json

expireAfter

integer

Token lifetime in seconds. Optional. When omitted the gateway uses its configured default (currently 3600). Values outside [1, 3600] are rejected with OUT_OF_RANGE.

Required range: 1 <= x <= 3600

Example:

3600

Response

Token generated successfully.

status

enum<string>

required

High-level outcome. OK means the request was successfully processed (regardless of business result). ERROR means the request was rejected or could not be processed.

Available options:

OK,

ERROR

type

string

required

Stable result type code. Includes generic codes (SUCCESS, INVALID_REQUEST, UNAUTHORIZED, SERVICE_UNAVAILABLE, INTERNAL_ERROR, RATE_LIMIT_EXCEEDED) plus endpoint-specific result codes — see this endpoint's response examples.

message

string

required

Human-readable summary of the result. Always in English (per Language Conventions in the API overview).

transactionId

string<uuid>

required

Unique identifier of this request, generated by the API Gateway. Propagated end-to-end for traceability.

processedAt

string<date-time>

required

ISO 8601 datetime with Mexico City offset (-06:00). Always set by the API Gateway when the response leaves the system.

billable

boolean

required

Whether this request will be charged against the client's plan. Typically true for successful business results and false for validation errors or system errors that prevented processing.

data

object

Response payload. null on error responses. Shape depends on the endpoint — see each operation's response schema.

errors

object[]

Per-field error details. Present only on INVALID_REQUEST responses.

Show child attributes

Validate CURP**Credits:** 1 per call. Validates a CURP (Clave Única de Registro de Población) against the official RENAPO registry and returns the full personal record associated with it: given names, surnames, gender, date of birth, birth state, document status (active, deceased, apocryphal, judicial suspension), and registration metadata. Optionally generates the associated 13-character RFC (Registro Federal de Contribuyentes) when `generateRfc: true` is sent. RFC generation is deterministic from CURP and does not call SAT. Use this endpoint when you have a CURP and need to confirm it is genuine, find out who owns it, or detect if the holder is deceased before extending a financial product.

cURL

curl -X POST https://api.origoid.com/auth/token \
  -H "x-api-key: YOUR_API_KEY" \
  -H "content-type: application/json" \
  -d '{"expireAfter": 1800}'

{
  "status": "OK",
  "type": "SUCCESS",
  "message": "Token issued",
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRfaWQiOiI...",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "*"
  },
  "transactionId": "3eb33303-3466-4071-872e-067584149666",
  "processedAt": "2026-03-19T10:00:00-06:00",
  "billable": false
}