MERMAID uses OAuth2 authentication for securing and accessing the MERMAID API’s secure endpoints. The following steps are required before making requests to the API:

1. Create a MERMAID Account

Before you can make a request for a JSON Web Token (JWT) or accessing the API, you must first create a MERMAID user account. If you already have an account jump to section 2, if not, an account can be created at

2. Requesting Tokens

OAuth2 Implicit grant type is used to fetch a valid token that can be used to securely access MERMAID API. The folowing details will be needed to setup an implicit authorization flow:

  • Authorization URL

  • Redirect URL

  • Client ID

  • Audience

These details can be requested from the MERMAID team at

3. Calling API

When making requests to the API the token can be included in:

  • the request header

curl --request GET \
    --url \
    --header 'Authorization: Bearer <VALID TOKEN HERE>'
  • the url query string<VALID TOKEN HERE>