client_credentials grant type consists of a secret and a key,
similar to OAuth 1.0. It is appropriate for authentication that does not
require specific user credentials, such as authentication between
machines for scheduled tasks.
This grant type does not generate a refresh_token (see The OAuth 2.0 Authorization Framework).
ROLE_PARTNER and ROLE_PARTNER_READ are the only scopes allowed for this grant type.
The following diagram illustrates this flow:
The application initiates authorization by sending a POST request to the token endpoint to exchange the client's credentials for an access token and optionally the refresh token. This request must be authenticated (basic authentication) using the client ID and secret.
curl -X POST -u appdirect-49:9vY0s4yb2pbnP7Vz -H 'Content-Type: application/x-www-form-urlencoded' "https://marketplace.example.com/oauth2/token" -d "grant_type=client_credentials&scope=ROLE_PARTNER_READ"
Parameter Description grant_type Must be client_credentials, which indicates that this is the Client Credentials grant type. scope A space-separated list of requested scopes.
The access token and, optionally, the refresh token are returned.
Call an AppDirect API and include the access token in the Authorization header as a bearer token.
curl -H 'Authorization: Bearer 7iVGxe84f1ew6QENpCD3' "http://marketplace.example.com/api/account/v2/subscriptions/6c31d072-8480-11e3-b2f4-22000ae812a4/assignments"
Receive the API response.
Was this page helpful?
Tell us more…
Help us improve our content. Responses are anonymous.
We appreciate your feedback!