Client credentials
How to execute the authorization flow and get your access token
Sales channel applications use the client_credentials grant type to get a "guest" access token.
Integration applications use the client_credentials grant type to get an access token for themselves.
When you include a scope in the access token request, all the resources that you fetch with that token are automatically filtered.

Getting an access token

To get an access token using the client_credentials grant type, send a POST request to the /oauth/token endpoint, passing the application credentials in the request body.

Request

POST https://yourdomain.commercelayer.io/oauth/token

Arguments

| Body parameter | Type | Required | Description |
| --- | --- | --- | --- |
| grant_type | string | Required | client_credentials |
| client_id | string | Required | Your application client_id |
| client_secret | string | Optional | Your application client_secret |
| scope | string | Optional | Your access token scope (market, stock location) |

Sales channel applications require a market in scope when requesting their access token to perform the permitted CRUD actions. On the other hand, they don't require the client_secret argument. That lets you use them safely client-side.

Examples

Sales channel

The following request tries to get an access token for a sales channel application, using the client_credentials grant type and putting in scope the market identified by the number "1234":
curl -g -X POST \
  'https://yourdomain.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "your-client-id",
    "scope": "market:1234"
  }'

On success, the API responds with a 200 OK status code, returning the requested access token:
{
  "access_token": "your-access-token",
  "token_type": "bearer",
  "expires_in": 7200,
  "scope": "market:1234",
  "created_at": 123456789
}

Integration

The following request tries to get an access token for an integration application, using the client_credentials grant type:
curl -g -X POST \
  'https://yourdomain.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "your-client-id",
    "client_secret": "your-client-secret"
  }'

On success, the API responds with a 200 OK status code, returning the requested access token:
{
  "access_token": "your-access-token",
  "token_type": "bearer",
  "expires_in": 7200,
  "scope": "market:all",
  "created_at": 123456789
}
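
The two request bodies and the token response shown on this page, as an added Python example (not Commerce Layer's own code): it builds the body for each application kind and checks the granted scope and remaining lifetime before the token is used. The function names, the refusal of a client_secret in a sales channel request, the rule that an integration always sends its client_secret, and reading created_at as Unix seconds are assumptions of this example.

```python
import json
import time

REQUIRED = ("access_token", "token_type", "expires_in", "scope", "created_at")

def build_token_request(kind, client_id, client_secret=None, scope=None):
    """Build the JSON body for POST /oauth/token (client_credentials grant)."""
    body = {"grant_type": "client_credentials", "client_id": client_id}
    if kind == "sales_channel":
        # Per the page: a market must be in scope, and no client_secret is needed.
        if not scope or not any(s.startswith("market:") for s in scope.split()):
            raise ValueError("sales channel request needs a market in scope")
        if client_secret is not None:
            # Policy of this example: a secret never reaches client-side code.
            raise ValueError("sales channel request must not carry a client_secret")
    elif kind == "integration":
        # Assumption: integrations always authenticate with their client_secret.
        if not client_secret:
            raise ValueError("integration request needs a client_secret")
        body["client_secret"] = client_secret
    else:
        raise ValueError(f"unknown application kind: {kind!r}")
    if scope:
        body["scope"] = scope
    return body

def check_token_response(raw, requested_scope=None, now=None):
    """Validate a token response; return (access_token, seconds_left)."""
    data = json.loads(raw)
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        raise ValueError(f"token response lacks {missing}")
    if data["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    if requested_scope is not None and data["scope"] != requested_scope:
        raise ValueError("granted scope differs from requested scope")
    # Assumption: created_at is Unix time in seconds; expires_in is in seconds.
    now = time.time() if now is None else now
    seconds_left = data["created_at"] + data["expires_in"] - now
    if seconds_left <= 0:
        raise ValueError("token has expired; request a new one")
    return data["access_token"], seconds_left

# Constructed sample mirroring the page's sales channel response.
SAMPLE = ('{"access_token": "your-access-token", "token_type": "bearer", '
          '"expires_in": 7200, "scope": "market:1234", "created_at": 123456789}')

if __name__ == "__main__":
    print(build_token_request("sales_channel", "your-client-id", scope="market:1234"))
    print(check_token_response(SAMPLE, "market:1234", now=123456789 + 600))
```

For an integration token requested without a scope, call check_token_response with requested_scope left as None, since the page's response shows the granted scope as market:all in that case.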