Client credentials
How to execute the authorization flow and get your access token
Sales channels use the client_credentials
grant type to get a "guest" access token. Integrations use the client_credentials
grant type to get an access token for themselves.
Getting an access token
To get an access token using the client_credentials
grant type, send a POST
request to the /oauth/token
endpoint, passing the API client credentials in the request body.
Request
POST https://auth.commercelayer.io/oauth/token
Arguments
grant_type
String
Required
client_credentials
client_id
String
Required
The client ID (from you API credentials).
scope
String
Optional
Your access token scope (market, stock location).
Sales channels require a market in scope
when requesting their access token to perform the permitted CRUD actions. On the other hand, they don't require the client_secret
argument when using the client_credentials
grant type. That lets you use them safely client-side.
Examples
Sales channel
The following request tries to get an access token for a sales channel, using the client_credentials
grant type and putting in scope the market identified by the ID "xYZkjABcde":
curl -g -X POST \
'https://auth.commercelayer.io/oauth/token' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "client_credentials",
"client_id": "{{your_client_id}}",
"scope": "market:id:xYZkjABcde"
}'
Integration
The following request tries to get an access token for an integration, using the client_credentials
grant type:
curl -g -X POST \
'https://auth.commercelayer.io/oauth/token' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "client_credentials",
"client_id": "{{your_client_id}}",
"client_secret": "{{your_client_secret}}"
}'
Last updated