Client credentials

How to execute the authorization flow and get your access token

Sales channels use the client_credentials grant type to get a "guest" access token. Integrations use the client_credentials grant type to get an access token for themselves.

By in the access token request, all the resources that you fetch are automatically filtered.

Getting an access token

To get an access token using the client_credentials grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.

Request

POST https://auth.commercelayer.io/oauth/token

Arguments

Body parameter

Type

Required

Description

grant_type

String

Required

client_credentials

client_id

String

Required

The client ID (from you API credentials).

client_secret

String

Optional

scope

String

Optional

Your access token scope (market, stock location).

Sales channels require a market in scope when requesting their access token to perform the . On the other hand, they don't require the client_secret argument when using the client_credentials grant type. That lets you use them safely client-side.

Examples

Sales channel

The following request tries to get an access token for a sales channel, using the client_credentials grant type and putting in scope the market identified by the ID "xYZkjABcde":

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "client_credentials",
  "client_id": "{{your_client_id}}",
  "scope": "market:id:xYZkjABcde"
}'

On success, the API responds with a 200 OK status code, returning the requested access token:

{
  "access_token": "acC3sSt0K3Nwrt6kic7.abc4bnm5...",
  "token_type": "bearer",
  "expires_in": 14400,
  "scope": "market:id:xYZkjABcde",
  "created_at": 123456789
}

Integration

The following request tries to get an access token for an integration, using the client_credentials grant type:

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "client_credentials",
  "client_id": "{{your_client_id}}",
  "client_secret": "{{your_client_secret}}"
}'

On success, the API responds with a 200 OK status code, returning the requested access token:

{
    "access_token": "acC3sSt0K3Nwrt6kic7.abc4bnm5...",
    "token_type": "bearer",
    "expires_in": 7200,
    "scope": "market:all",
    "created_at": 123456789
}

PreviousAuthentication NextPassword

Last updated 12 months ago

Getting an access token

To get an access token using the client_credentials grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.

Request

POST https://auth.commercelayer.io/oauth/token

Arguments

Body parameter

Type

Required

Description

grant_type

String

Required

client_credentials

client_id

String

Required

The client ID (from you API credentials).

client_secret

String

Optional

Your client secret (required for API credentials).

scope

String

Optional

Your access token scope (market, stock location).

Examples

Sales channel

The following request tries to get an access token for a sales channel, using the client_credentials grant type and putting in scope the market identified by the ID "xYZkjABcde":

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "client_credentials",
  "client_id": "{{your_client_id}}",
  "scope": "market:id:xYZkjABcde"
}'

On success, the API responds with a 200 OK status code, returning the requested access token:

{
  "access_token": "acC3sSt0K3Nwrt6kic7.abc4bnm5...",
  "token_type": "bearer",
  "expires_in": 14400,
  "scope": "market:id:xYZkjABcde",
  "created_at": 123456789
}

Integration

The following request tries to get an access token for an integration, using the client_credentials grant type:

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "client_credentials",
  "client_id": "{{your_client_id}}",
  "client_secret": "{{your_client_secret}}"
}'

On success, the API responds with a 200 OK status code, returning the requested access token:

{
    "access_token": "acC3sSt0K3Nwrt6kic7.abc4bnm5...",
    "token_type": "bearer",
    "expires_in": 7200,
    "scope": "market:all",
    "created_at": 123456789
}