Client credentials
How to execute the authorization flow and get your access token
Last updated
How to execute the authorization flow and get your access token
Last updated
Sales channels use the client_credentials
grant type to get a "guest" access token. Integrations use the client_credentials
grant type to get an access token for themselves.
By including a scope in the access token request, all the resources that you fetch are automatically filtered.
To get an access token using the client_credentials
grant type, send a POST
request to the /oauth/token
endpoint, passing the API client credentials in the request body.
POST https://auth.commercelayer.io/oauth/token
Body parameter | Type | Required | Description |
---|---|---|---|
Sales channels require a market in scope
when requesting their access token to perform the permitted CRUD actions. On the other hand, they don't require the client_secret
argument when using the client_credentials
grant type. That lets you use them safely client-side.
The following request tries to get an access token for a sales channel, using the client_credentials
grant type and putting in scope the market identified by the ID "xYZkjABcde":
The following request tries to get an access token for an integration, using the client_credentials
grant type:
grant_type
String
Required
client_credentials
client_id
String
Required
The client ID (from you API credentials).
client_secret
String
Optional
Your client secret (required for confidential API credentials).
scope
String
Optional
Your access token scope (market, stock location).