# Client credentials

**Sales channels** use the `client_credentials` grant type to get a "guest" access token. **Integrations** use the `client_credentials` grant type to get an access token for themselves.

{% hint style="info" %}
By [including a scope](https://docs.commercelayer.io/core/authentication/..#authorization-scopes) in the access token request, all the resources that you fetch are automatically filtered.
{% endhint %}

## Getting an access token

To get an access token using the `client_credentials` grant type, send a `POST` request to the `/oauth/token` endpoint, passing the API client credentials in the request body.

### Request

**POST** <https://auth.commercelayer.i&#x6F;**/oauth/token>\*\*

### Arguments

| Body parameter      | Type   | Required | Description                                                                     |
| ------------------- | ------ | -------- | ------------------------------------------------------------------------------- |
| **`grant_type`**    | String | Required | `client_credentials`                                                            |
| **`client_id`**     | String | Required | The client ID (from you API credentials).                                       |
| **`client_secret`** | String | Optional | Your client secret (required for [confidential](#integration) API credentials). |
| **`scope`**         | String | Optional | Your access token scope (market, stock location).                               |

{% hint style="warning" %}
**Sales channels** require a market in `scope` when requesting their access token to perform the [permitted CRUD actions](https://docs.commercelayer.io/core/roles-and-permissions#sales-channel). On the other hand, they don't require the `client_secret` argument when using the `client_credentials` grant type. That lets you use them safely client-side.
{% endhint %}

### Examples

#### Sales channel

{% tabs %}
{% tab title="Request" %}
The following request tries to get an access token for a sales channel, using the `client_credentials` grant type and putting in scope the market identified by the ID "xYZkjABcde":

<pre class="language-sh"><code class="lang-sh">curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
<strong>  "grant_type": "client_credentials",
</strong><strong>  "client_id": "{{your_client_id}}",
</strong><strong>  "scope": "market:id:xYZkjABcde"
</strong>}'
</code></pre>

{% endtab %}

{% tab title="Response" %}
On success, the API responds with a `200 OK` status code, returning the requested access token:

<pre class="language-json"><code class="lang-json">{
<strong>  "access_token": "acC3sSt0K3Nwrt6kic7.abc4bnm5...",
</strong>  "token_type": "bearer",
  "expires_in": 14400,
  "scope": "market:id:xYZkjABcde",
  "created_at": 123456789
}
</code></pre>

{% endtab %}
{% endtabs %}

#### Integration

{% tabs %}
{% tab title="Request" %}
The following request tries to get an access token for an integration, using the `client_credentials` grant type:

<pre class="language-javascript"><code class="lang-javascript">curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
<strong>  "grant_type": "client_credentials",
</strong><strong>  "client_id": "{{your_client_id}}",
</strong><strong>  "client_secret": "{{your_client_secret}}"
</strong>}'
</code></pre>

{% endtab %}

{% tab title="Response" %}
On success, the API responds with a `200 OK` status code, returning the requested access token:

<pre class="language-json"><code class="lang-json">{
<strong>    "access_token": "acC3sSt0K3Nwrt6kic7.abc4bnm5...",
</strong>    "token_type": "bearer",
    "expires_in": 7200,
    "scope": "market:all",
    "created_at": 123456789
}
</code></pre>

{% endtab %}
{% endtabs %}