Authentication for MRCP is done via a VPN and IP whitelisting configuration. Please get in touch with your account manager, or e-mail us at


Authentication to the Stream H2B WebSocket API requires a client_id and client_secret, provided by your account manager.

If you're using our Python SDK, you'll find more details on how to pass these value into it and start consuming the API on our Getting Started.

If you're implementing the protocol yourself, you have to follow these steps:

  1. Request an access_token by sending a POST request on with the following payload:
"client_id": "{the client_id that was provided to you}",
"client_secret": "{the client_secret that was provided to you}",
"grant_type": "client_credentials"

You'll receive a response with an access_token, valid for 5 minutes.

You can copy this cURL command, and replace your client_id and client_secret to get your access token:

curl -L -X POST '' -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=CLIENT_ID' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_secret=CLIENT_SECRET' --data-urlencode 'scope=openid'
  1. Pass the access_token in header Authorization with value bearer {access_token} when initiating the WebSocket connection.

Of course the WebSocket connection can last longer than the 5 minutes validity of the access_token. You'll have 5 minutes after requesting it to initiate the connection.