Preview Technologies Limited
            Knowledge Base Developers Center Authentication OAuth2.0 Client Credentials Grant

            Get access token with client_credentials grant

            When to use?

            Often we get question about when to use client_credentials grant types to get access token. It's very common. This grant is suitable for machine-to-machine authentication, for example for use in a cron job which is performing maintenance tasks over an API. Another example would be a client making requests to an API that don’t require user’s permission.

            Best use case, accessing our APIs from any machine or server and just want yourself authorized and no need for user authorization


            The client sends a POST request with following body parameters to the authorization server:
            • grant_type with the value client_credentials
            • client_id with the client’s ID
            • client_secret with the client’s secret
            • scope with a space-delimited list of requested scope permissions.
            The authorization server will respond with a JSON object containing the following properties:

            • token_type with the value Bearer
            • expires_in with an integer representing the TTL of the access token
            • access_token a JWT signed with the authorization server’s private key


            Send a request like this

               curl --request POST \
              --url '' \
              --header 'Content-Type: application/x-www-form-urlencoded' \
              --data 'grant_type=client_credentials&client_id={{client_id}}&client_secret={{client_secret}}&scope=basic%20email'
            And on successful, you will get the following JSON.

                "token_type": "Bearer",
                "expires_in": 3600,
                "access_token": "xxxxxxxxxxxxxxxxxxxxx.xxxxxx.xxxxx.xxxxxx"

            Updated: 15 Apr 2018 05:58 AM
            Help us to make this article better
            1 0