Skip to content
Developers
No results found.

Client Credentials Flow

This grant allows a Client to directly authenticate itself with the authorization server using its own credentials, in this case Client ID and Client secret.

Do not use this flow in public applications such as your application's front-end as it involves using Client Secret which would result exposing it to public.

Make sure your Client has client_credentials grant type enabled in Dashboard > Clients > Details > Grant Types

Request Body

client_id
string
Required

Your client id.

client_secret
string
Required

Your client's secret.

grant_type
string
Required

For Client Credentials Grant this must be set to client_credentials

Value: client_credentials

audience
string

Audience of to be generated access token.

NOTE: Make sure your client is granted access to use this audience from Dashboard > Resources > [Your Resource] > Clients

scope
string

Space separated permissions (scopes) list.

Make sure your client has access to the scopes for your resource from Dashboard > Resources > [Your Resource] > Clients.

POST
/oauth2/token
cURL
cURLC#DartGoJavaJavaScriptPHPPythonRubyRustSwift
1
2
3
4
5
6
7
8
Loading...
Response
200
Successful
Loading...

Response Body Schema

access_token
string
Required

Access token value in JWT string

expires_in
number
Required

Access token's expiration in seconds

scope
string

Final scopes granted to access token as space separated strings.

token_type
string

Available Values: DPoPBearer