Client credentials

How to execute the authorization flow and get your access token

Sales channels use the client_credentials grant type to get a "guest" access token. Integrations use the client_credentials grant type to get an access token for themselves.

By including a scope in the access token request, all the resources that you fetch are automatically filtered.

Getting an access token

To get an access token using the client_credentials grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.

Request

POST https://auth.commercelayer.io/oauth/token

Arguments

Body parameterTypeRequiredDescription

grant_type

String

Required

client_credentials

client_id

String

Required

Your application's client ID.

client_secret

String

Optional

Your application's client secret (required for confidential API credentials).

scope

String

Optional

Your access token scope (market, stock location).

Sales channels require a market in scope when requesting their access token to perform the permitted CRUD actions. On the other hand, they don't require the client_secret argument when using the client_credentials grant type. That lets you use them safely client-side.

Examples

Sales channel

The following request tries to get an access token for a sales channel, using the client_credentials grant type and putting in scope the market identified by the ID "xYZkjABcde":

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "client_credentials",
  "client_id": "{{your_client_id}}",
  "scope": "market:id:xYZkjABcde"
}'

Integration

The following request tries to get an access token for an integration, using the client_credentials grant type:

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "client_credentials",
  "client_id": "{{your_client_id}}",
  "client_secret": "{{your_client_secret}}"
}'

Last updated