Oauth Python API Docs | dltHub
Build a Oauth-to-database pipeline in Python using dlt with AI Workbench support for Claude Code, Cursor, and Codex.
Last updated:
Autodesk Platform Services (APS) OAuth is the open standard protocol for delegated authorization, used to obtain access tokens for APS REST APIs. The REST API base URL is https://developer.api.autodesk.com and All token‑protected requests require a Bearer access token in the Authorization header..
dlt is an open-source Python library that handles authentication, pagination, and schema evolution automatically. dlthub provides AI context files that enable code assistants to generate production-ready pipelines. Install with uv pip install "dlt[workspace]" and start loading Oauth data in under 10 minutes.
What data can I load from Oauth?
Here are some of the endpoints you can load from Oauth:
| Resource | Endpoint | Method | Data selector | Description |
|---|---|---|---|---|
| access_token | /authentication/v1/authenticate | POST | access_token | Obtain a two‑legged (client_credentials) access token. |
| authorize | /authentication/v1/authorize | GET | Redirect URL for three‑legged authorization flow. | |
| token_exchange | /authentication/v1/gettoken | POST | access_token | Exchange authorization code for a three‑legged access token. |
| introspect | /authentication/v1/introspect | POST | Validate or inspect a token's status. | |
| revoke | /authentication/v1/revoke | POST | Revoke an access or refresh token. | |
| jwks | /authentication/v1/jwks | GET | keys | Retrieve JWKS public keys for JWT validation. |
| logout | /authentication/v1/logout | GET | Log out the user and clear session. |
How do I authenticate with the Oauth API?
OAuth 2.0 is used (client credentials for two‑legged, authorization code for three‑legged). Obtain tokens from the token endpoint and include them as: Authorization: Bearer <access_token>. Client ID and client secret are used when requesting tokens.
1. Get your credentials
- Sign in to the APS/Autodesk Developer Portal (My Apps). 2) Create/Register a new app. 3) Note the assigned Client ID and Client Secret. 4) Configure callback URLs and select the required scopes. 5) Use the Client ID/Secret to request tokens via the appropriate OAuth flow.
2. Add them to .dlt/secrets.toml
[sources.oauth_source] client_id = "your_client_id" client_secret = "your_client_secret"
dlt reads this automatically at runtime — never hardcode tokens in your pipeline script. For production environments, see setting up credentials with dlt for environment variable and vault-based options.
How do I set up and run the pipeline?
Set up a virtual environment and install dlt:
uv venv && source .venv/bin/activate uv pip install "dlt[workspace]"
1. Install the dlt AI Workbench:
dlt ai init --agent <your-agent> # <agent>: claude | cursor | codex
This installs project rules, a secrets management skill, appropriate ignore files, and configures the dlt MCP server for your agent. Learn more →
2. Install the rest-api-pipeline toolkit:
dlt ai toolkit rest-api-pipeline install
This loads the skills and context about dlt the agent uses to build the pipeline iteratively, efficiently, and safely. The agent uses MCP tools to inspect credentials — it never needs to read your secrets.toml directly. Learn more →
3. Start LLM-assisted coding:
Use /find-source to load data from the Oauth API into DuckDB.
The rest-api-pipeline toolkit takes over from here — it reads relevant API documentation, presents you with options for which endpoints to load, and follows a structured workflow to scaffold, debug, and validate the pipeline step by step.
4. Run the pipeline:
python oauth_pipeline.py
If everything is configured correctly, you'll see output like this:
Pipeline oauth_pipeline load step completed in 0.26 seconds 1 load package(s) were loaded to destination duckdb and into dataset oauth_data The duckdb destination used duckdb:/oauth.duckdb location to store data Load package 1749667187.541553 is LOADED and contains no failed jobs
Inspect your pipeline and data:
dlt pipeline oauth_pipeline show
This opens the Pipeline Dashboard where you can verify pipeline state, load metrics, schema (tables, columns, types), and query the loaded data directly.
Python pipeline example
This example loads access_token and jwks from the Oauth API into DuckDB. It mirrors the endpoint and data selector configuration from the table above:
import dlt from dlt.sources.rest_api import RESTAPIConfig, rest_api_resources @dlt.source def oauth_source(client_id=dlt.secrets.value): config: RESTAPIConfig = { "client": { "base_url": "https://developer.api.autodesk.com", "auth": { "type": "bearer", "access_token": client_id, }, }, "resources": [ {"name": "access_token", "endpoint": {"path": "authentication/v1/authenticate", "data_selector": "access_token"}}, {"name": "jwks", "endpoint": {"path": "authentication/v1/jwks", "data_selector": "keys"}} ], } yield from rest_api_resources(config) def get_data() -> None: pipeline = dlt.pipeline( pipeline_name="oauth_pipeline", destination="duckdb", dataset_name="oauth_data", ) load_info = pipeline.run(oauth_source()) print(load_info)
To add more endpoints, append entries from the resource table to the "resources" list using the same name, path, and data_selector pattern.
How do I query the loaded data?
Once the pipeline runs, dlt creates one table per resource. You can query with Python or SQL.
Python (pandas DataFrame):
import dlt data = dlt.pipeline("oauth_pipeline").dataset() sessions_df = data.access_token.df() print(sessions_df.head())
SQL (DuckDB example):
SELECT * FROM oauth_data.access_token LIMIT 10;
In a marimo or Jupyter notebook:
import dlt data = dlt.pipeline("oauth_pipeline").dataset() data.access_token.df().head()
See how to explore your data in marimo Notebooks and how to query your data in Python with dataset.
What destinations can I load Oauth data to?
dlt supports loading into any of these destinations — only the destination parameter changes:
| Destination | Example value |
|---|---|
| DuckDB (local, default) | "duckdb" |
| PostgreSQL | "postgres" |
| BigQuery | "bigquery" |
| Snowflake | "snowflake" |
| Redshift | "redshift" |
| Databricks | "databricks" |
| Filesystem (S3, GCS, Azure) | "filesystem" |
Change the destination in dlt.pipeline(destination="snowflake") and add credentials in .dlt/secrets.toml. See the full destinations list.
Troubleshooting
Authentication failed / invalid_client
If the client_id or client_secret are incorrect or missing, token requests return HTTP 401 or 400 with error descriptions. Verify the credentials in the Developer Portal and ensure they are sent correctly.
Expired token / invalid_token
APIs return 401 Unauthorized for expired or revoked tokens. Obtain a new token (client_credentials) or refresh the token (authorization_code) before retrying.
Rate limiting
APS may enforce rate limits on token and API endpoints; exceeding limits returns 429 Too Many Requests. Implement exponential backoff and respect the Retry‑After header.
JWKS / token validation
When validating JWTs locally, retrieve the public keys via the GET /authentication/v1/jwks endpoint. Use the "keys" array from the response to verify token signatures and expirations.
Ensure that the API key is valid to avoid 401 Unauthorized errors. Also, verify endpoint paths and parameters to avoid 404 Not Found errors.
Next steps
Continue your data engineering journey with the other toolkits of the dltHub AI Workbench:
data-exploration— Build custom notebooks, charts, and dashboards for deeper analysis with marimo notebooks.dlthub-runtime— Deploy, schedule, and monitor your pipeline in production.
dlt ai toolkit data-exploration install dlt ai toolkit dlthub-runtime install
Was this page helpful?
Community Hub
Need more dlt context for Oauth?
Request dlt skills, commands, AGENT.md files, and AI-native context.