Client credentials flow quick start

If you want to use machine-to-machine authorization, you might want to use the client credentials grant flow. The client app needs to securely store its client identifier and secret and pass those to the Authorization Server in exchange for an access token. This quick start procedure will help you start using the client credentials flow as soon as possible.

Before you begin

  1. Configure OAuth scopes for resources and methods in your registered API. See Configure OAuth 2.0 scopes.
  2. Register at least one identity provider to authenticate resource owners. See Register an identity provider.
  3. Set up your app in OAuth Management in Control Center. See Register a client app.

How to

Start the client credentials grant flow by making a request to the Authorization Server:
Authorization: Basic <client-id>:<client-secret> 
Content-Type: application/x-www-form-urlencoded 

Note the parameters in the request:
Indicates which authorization grant flow you are using. For the client credentials flow, it's client_credentials.

What you should see

If the credentials are valid, the client app will receive a response with an access token similar to this one:

HTTP/1.1 200
Content-Type: application/json

{
  "access_token" : <access-token>,
  "token_type" : "Bearer",
  "expires_in" : <expiration-time-in-seconds>,
  "scope" : <granted-scopes>
}

Note the properties of the response:
access_token: The access token issued by the Authorization Server.
token_type: The type of token. Typically, it is the string Bearer.
expires_in: The time in seconds that the access token is valid for.
scope: The scopes granted to the client app.
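
The request and response described above, as an added example that is not part of the original page or the product's own code: it builds the token request, Base64-encoding the client-id:client-secret pair as the Basic scheme requires and using grant_type, the standard OAuth 2.0 parameter name, then validates the response fields before the token is used. The token URL, credentials and scope name are constructed placeholders, and the scope value is assumed to be a space-delimited string.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed sample response in the shape shown above; all values are made up.
SAMPLE_RESPONSE = ('{"access_token": "example-token", "token_type": "Bearer", '
                   '"expires_in": 3600, "scope": "orders:read"}')


def build_token_request(token_url, client_id, client_secret):
    """Build, without sending, the client credentials token request."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be https: the secret is in the header")
    # RFC 6749 section 2.3.1: form-encode id and secret, join with ":", then Base64.
    pair = urllib.parse.quote_plus(client_id) + ":" + urllib.parse.quote_plus(client_secret)
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def parse_token_response(body, required_scopes=(), now=None):
    """Validate the token response; return (token, expires_at, granted_scopes)."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    expires_in = doc.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise ValueError("invalid expires_in")
    # Assumption: scope is a space-delimited string (RFC 6749 section 3.3).
    granted = set(str(doc.get("scope") or "").split())
    missing = set(required_scopes) - granted
    if missing:
        raise ValueError("scopes not granted: " + " ".join(sorted(missing)))
    now = time.time() if now is None else now
    return token, now + expires_in, granted


if __name__ == "__main__":
    req = build_token_request("https://auth.example.test/token", "my-client", "s3cr3t")
    print(req.get_method(), req.full_url, sorted(parse_token_response(SAMPLE_RESPONSE)[2]))
```

Store the returned expiry time with the token and request a new token before it passes; the demo prints only the method, URL and scopes so the token itself never reaches a log.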

Next steps

Optionally, you can: