Authorization header:
Obtaining a token
Link runs on Hellgate-managed infrastructure and authenticates with the platform OAuth2 flow. Exchange your client credentials for an access token, then send it as a bearer token. Your instance’s audience is its instance name — the{instance} slug from your base URL — and you request it together with the scopes your client needs:
audience=my-specter-instance my-link-instance). See
Composition for details.
See Platform Authentication for the token endpoint, audiences, and the
client-credentials request.
Scopes
Each endpoint requires a specific scope. Issue every token with the least privilege it needs — runtime clients should hold onlyinvoke:execute, while configuration and operations belong to separate admin clients.
Runtime and admin scopes serve different audiences. Grant
invoke:execute to your payment or decisioning
integration; reserve the admin:* scopes for operator and back-office clients that configure protocols,
backends, and keys.Next steps
Quickstart
Use your token to import a protocol, register a backend, and invoke an action.