The client credentials workflow is generally used for server-to-server interactions that run in the background. This section presents an example access token request using the client credentials workflow.
Get set up
Make sure your client is registered, and has the client credentials, which are the Client ID and Client Secret.
If you do not have a client yet, you can download and set up a client like Postman.
Request an access token from the authorization server
Using the client credentials, request an access token from the authorization server:
POST <Authorization_Server_Token_URL>/v1/token
To do so, specify the following information in the request.
Request Section |
Information to Specify |
Key-Value Pair to Use |
---|---|---|
Authorization Header |
Client credentials |
"authorization": "basic <Base64 encoded credentials>" The Basic authorization type requires client credentials to be encoded in Base64. |
Request Header |
Content type |
"content_type": "application/x-www-form-urlencoded" |
Request Body |
Grant type |
"grant_type": "client_credentials" |
Scope |
"scope": "ingr.api" |
The Base64 encoding scheme is used to encode binary data to when it is stored or transmitted. Encoding the data ensures that it is not modified or corrupted during transport.
You can use any programming language to encode the client credentials.
Get the access token from the response
The authorization server response will include the access token, for example:
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJhbG[...]1LQ",
"scope": "ingr.api"
}
Use the access token
Send a request from your client to the API, specifying the access token in the authorization header. For example:
"authorization": "Bearer <access_token>"
An access token is valid for one hour, after which it expires. To get a new token, send a new request to the authorization server.