SDK Authentication

This guide covers how to obtain API credentials, configure them in the SDK, and manage authentication tokens.

Get your credentials

To use the Orbitport API, you need a client ID and client secret. Request credentials by filling out the SpaceComputer access form. You will receive your credentials on the form's ending page.

Configure credentials in the SDK

Pass your credentials to the SDK constructor:

import { OrbitportSDK } from "@spacecomputer-io/orbitport-sdk-ts";

const sdk = new OrbitportSDK({
  config: {
    clientId: "your-client-id",
    clientSecret: "your-client-secret",
  },
});

The SDK handles the full OAuth2 client-credentials flow automatically. When you call sdk.ctrng.random(), the SDK will:

Request an access token from the auth server (https://auth.spacecomputer.io/oauth/token).
Cache the token and reuse it for subsequent requests.
Refresh the token when it expires.

Use environment variables

A common pattern is to load credentials from environment variables to keep them out of source code:

export OP_CLIENT_ID=<your-client-id>
export OP_CLIENT_SECRET=<your-client-secret>

const sdk = new OrbitportSDK({
  config: {
    clientId: process.env.OP_CLIENT_ID,
    clientSecret: process.env.OP_CLIENT_SECRET,
  },
});

For reference, the full set of auth-related environment variables used by the Orbitport ecosystem:

OP_AUTH_DOMAIN=auth.spacecomputer.io
OP_AUTH_AUDIENCE=https://op.spacecomputer.io/api
OP_CLIENT_ID=<your-client-id>
OP_CLIENT_SECRET=<your-client-secret>

Check token validity

You can inspect the current authentication state:

// Check whether the cached token is still valid
const isValid = await sdk.auth.isTokenValid();

// Get detailed token information
const tokenInfo = await sdk.auth.getTokenInfo();

Use the SDK without credentials

If you do not provide credentials, the SDK skips authentication entirely and fetches cTRNG values from the public IPFS beacon instead:

const sdk = new OrbitportSDK({ config: {} });

// This will use IPFS -- no auth needed
const result = await sdk.ctrng.random();

When credentials are provided but the API is unreachable, the SDK automatically falls back to IPFS as well.

Next steps

SDK Quickstart -- Install the SDK and make your first request.
Fetch cTRNG Without the SDK -- Perform the OAuth2 token flow manually with curl.
Orbitport Architecture -- Understand how authentication fits into the system.

Get your credentials​

Configure credentials in the SDK​

Use environment variables​

Check token validity​

Use the SDK without credentials​

Next steps​