Astravue API & MCP

The Astravue Public API empowers developers to build integrations, custom tools, and automations with the Astravue platform. Whether you're creating internal tools or full-scale applications, our API gives you the flexibility and power to interact with the platform programmatically.

This documentation provides everything you need to get started quickly and securely.

Getting Started with Astravue API

Explore the API

You can browse the OpenAPI description to understand the available endpoints, expected parameters, and response formats.

Run the API Collection in Postman

You can fork our Postman collection for using our APIs in your development environment.

Authentication

The Astravue Public API uses OAuth 2.0 Authorization Code Flow for secure access, powered by Keycloak.

How to Get Your API Credentials

Click on your profile icon in the top-right corner.

Navigate to the Settings page.

Select the Apps tab.

Click Create App.

Fill in:

App Name

Redirect URL(s)

Once created, you'll be provided with:

Client ID

Client Secret

Step 1: Redirect User to the Authorization URL

To begin the OAuth 2.0 flow, redirect the user to the Astravue authorization endpoint:

https://auth.astravue.com/realms/astravue/protocol/openid-connect/auth

Required query parameters:

response_type=code — Requests an authorization code.

client_id=YOUR_CLIENT_ID — Your app's Client ID.

redirect_uri=YOUR_REGISTERED_REDIRECT_URI — Must match one of the URIs you registered.

state=RANDOM_STRING — (Recommended) A random string to prevent CSRF attacks.

Example URL:

https://auth.astravue.com/realms/astravue/protocol/openid-connect/auth?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REGISTERED_REDIRECT_URI&scope=openid&state=RANDOM_STRING

After the user authenticates and approves access, they will be redirected to your redirect_uri with an authorization code in the URL:

https://yourapp.com/callback?code=AUTHORIZATION_CODE&state=RANDOM_STRING

Step 2: Exchange Authorization Code for Tokens

Use the authorization code to request an access token and refresh token from the token endpoint:

POST https://auth.astravue.com/realms/astravue/protocol/openid-connect/token

Required parameters (x-www-form-urlencoded):

grant_type=authorization_code

code=AUTHORIZATION_CODE (from previous step)

redirect_uri=YOUR_REGISTERED_REDIRECT_URI

client_id=YOUR_CLIENT_ID

client_secret=YOUR_CLIENT_SECRET

The response will include your access_token (valid for 30 minutes) and refresh_token (long-lived).

Step 3: Refresh Access Token

When your access token expires (after 30 minutes), use your refresh token to get a new access token:

POST https://auth.astravue.com/realms/astravue/protocol/openid-connect/token

Required parameters (x-www-form-urlencoded):

grant_type=refresh_token

refresh_token=YOUR_REFRESH_TOKEN

client_id=YOUR_CLIENT_ID

client_secret=YOUR_CLIENT_SECRET

The response will include a new access_token and potentially a new refresh_token.

Token Lifecycle

Access Token: Valid for 30 minutes.

Refresh Token: Long-lived (does not expire by default).

When your access token expires, use the refresh token to request a new one.

⚠️ Never expose your client secret in frontend or public code.

Resources

OAuth 2.0 Authorization Code Flow

OpenAPI Specification

Feedback & Support

We value your feedback. If you have suggestions, encounter issues, or want to request features, please email to support@astravue.com.

Happy building! 🚀

Getting Started with Astravue API#

Explore the API#

Run the API Collection in Postman#

Authentication#

How to Get Your API Credentials#

Step 1: Redirect User to the Authorization URL#

Step 2: Exchange Authorization Code for Tokens#

Step 3: Refresh Access Token#

Token Lifecycle#

Resources#

Feedback & Support#