Client Credentials Grant Type
Last updated: 1 minute read.
The Client Credentials grant type uses the OAuth client credentials to generate a token.
Token Request
This request provides the client credentials in exchange for an API token.
curl -X POST \
https://tyk.cloud.tyk.io/oauth-api/oauth/token/ \
-H 'Authorization: Basic ZWQ1OTE1OGZhMjM0NGU5NGIzZTYyNzhlOGFiODUxNDI6TUdRM056RTJNR1F0WVRVeVpDMDBaVFZsTFdKak1USXRNakUyTVRNMU1tRTNOMk0x' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=ed59158fa2344e94b3e6278e8ab85142&client_secret=MGQ3NzE2MGQtYTUyZC00ZTVlLWJjMTItMjE2MTM1MmE3N2M1'
| Request | Value |
|---|---|
| Method | POST |
| URL | Uses the special OAuth endpoint /oauth/token appended to the API URI e.g. https://<your-gateway-host>/<your-api-listen-path>/oauth/token. |
| Header | Value |
|---|---|
Authorization |
Basic authorization, using the client id and client secret of the OAuth client base64 encoded with colon separator. E.g. <oauth-client-id>:<oauth-client-secret>, in this case ed59158fa2344e94b3e6278e8ab85142:MGQ3NzE2MGQtYTUyZC00ZTVlLWJjMTItMjE2MTM1MmE3N2M1, which base64 encoded is ZWQ1OTE1OGZhMjM0NGU5NGIzZTYyNzhlOGFiODUxNDI6TUdRM056RTJNR1F0WVRVeVpDMDBaVFZsTFdKak1USXRNakUyTVRNMU1tRTNOMk0x. |
Content-Type |
application/x-www-form-urlencoded |
| Data | Value |
|---|---|
grant_type |
client_credentials |
client_id |
The OAuth client id, in this case ed59158fa2344e94b3e6278e8ab85142. |
client_secret |
The OAuth client secret, in this case MGQ3NzE2MGQtYTUyZC00ZTVlLWJjMTItMjE2MTM1MmE3N2M1. |
Response
Response provides the token as access_token in the returned JSON which can then be used to access the API:
{
"access_token": "580defdbe1d21e0001c67e5c40e93eac3d23494697470b90d7c81593",
"expires_in": 3600,
"token_type": "bearer"
}
Note
It does not provide a refresh token.
Sequence Diagram
