Guides
Start typing to search…

Client Credentials Flow

The Client Credentials Flow allows applications to obtain an access token directly, without user interaction. This flow is intended for machine-to-machine (M2M) applications like backend services, daemons, or command-line interfaces (CLIs). In this scenario, the system authenticates and authorizes the application itself rather than a user.

The following steps illustrate how to use Postman to obtain an access token using the Client Credentials Flow.

1. Creating the Request

  1. Change the HTTP verb from GET to POST.
  2. Specify the URL address https://fslpresales.fslcgix-uat.co.uk/fslpresales_AuthServer/oauth/oauthClientId/token for the auth server. Replace oauthClientId with your client id.
  3. In the request body, provide the following form-data key-value pairs:
    • grant_type: Set to client_credentials
    • scope: Set to the scope to openid profile phoenixapi
    • client_secret: Set to your Client Secret


2. Sending the Request

Click the Send button to execute the request.


3. The Response Body

The response will include your access token and token type. This token should be included in subsequent API requests as a Bearer token.


Example response:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkMzODAxMUVCLTdGNjUtNEFBMy05QkQ0LTFCNUQyMTVBOTI2MCIsInR5cCI6IkJlYXJlciJ9.eyJleHAiOjE3NDI0NjgxNjMsImlzcyI6Imh0dHBzOi8vY2FwZXJjYWlsbGllLmZpbmFuY2lhbHNvZnR3YXJlLmNvLnVrL0NHaVhRQURNMUluY29tZUF1dGhTZXJ2ZXIiLCJzdWIiOiI1ODkzZTI1ZS05MDlmLTQ4MzQtOWRiMS0yZjhmMzQ5NTIyYTIiLCJhdWQiOiJodHRwczovL2NhcGVyY2FpbGxpZS5maW5hbmNpYWxzb2Z0d2FyZS5jby51ay9DR2lYUUFETTFJbmNvbWVBdXRoU2VydmVyL1Bob2VuaXhBcGkiLCJpYXQiOjE3NDI0Njc1NjMsIm5iZiI6MTc0MjQ2NzU2Mywibm9uY2UiOm51bGwsImlkIjoiNTg5M2UyNWUtOTA5Zi00ODM0LTlkYjEtMmY4ZjM0OTUyMmEyIiwidXNlcm5hbWUiOiJBZG1pbiIsImNvbXBhbnlpZCI6IkZTTCIsImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9jbGFpbXMvcm9sZSI6IkFkbWluIn0.WpU4edhnDTrVTkJ1sFPyYua-tM1ni5LuqX3bViJL5R2xa-potaYdwfoVLuiD6Va5FbGLle4ti0qvoN5hqA_MZCYlluxu2hPH_6yLu0a_M80FoD7LtIQoAEdYmKWCugfs8UJvx75E74NTyuAT2PLv5SnIrxuhGEJRa9znqERT9EEF81PLUwWQtZ8Z3NmE160qD94M12eFrnHxJFvrTKuouCaT_BesxmFgjqY8JNRqMNxhdy_tX1DrX4C87HIiWYg5uBNR57nRESAlStkwolZS20gGkPefqJ50-rv6299wjB8Rve0xekyecVnhyQ9P_NIyn89o3mrf9Ok7Y3Ci6h907-Ti2XycHbCK1bIe4zz-XNyKLV8MiBF8SzSzNC1ijE9dSRTHS2Nfij7q2F-4GV_Kn4hq_4aeSth5tyqEluyyn136a3tfSzWcUEP6P20A-LAYoLkbud7wESyxtDdopiXKnp1OxMsXS61Zf0fhlxYpnWICkdjMbEWNpGMNFqeihJNd",
    "token_type": "Bearer"
}

The token can now be used in subsequent API requests.

📘

Token Expiry

By default, the token is valid for 10 minutes.

If you require a different expiration period, please submit a Zendesk ticket.

Updated 18 days ago