Skip to content

Server Side Apps

In some cases an application may need to authenticate itself, rather than a human user. An example of this could be an application that must spin up at some set interval and run some logic that requires authentication and authorization. In this case the application would need to get it's own access_token. This is why we provide the client_credentials grant type.

The token endpoint

  • Method: POST
  • Endpoint: ${serverRoot}/oauth/token

Query Params

Query Parameter Type Description
grant_type string Required This value must be set to client_credential


Header Value Description
Authorization Basic Required The users bearer token
  • An example of how to create the base64EncodedClientIdAndSecret is below:
$ echo -n "yourClientId:yourClientSecret" | base64


* If the request is successful the response will look similar to the following:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store


An example of how to invoke is below:

$ curl --location --request POST 'http://localhost:8381/oauth/token?grant_type=client_credentials' \
--header 'Authorization: Basic TheBase64EncodedClientIdAndSecret=='