Obtaining an Access Token
To interact securely with the Phoenix API, your application must first obtain an Access Token. The Phoenix API supports two authorization flows:
1. Authorization Code Flow with PKCE
The Authorization Code Flow with Proof Key for Code Exchange (PKCE) allows both confidential and public clients to securely obtain an access token. After the user authenticates and authorizes your application, they are redirected back to your registered Redirect URI with an authorization code. Your application then exchanges this code for an access token. PKCE (RFC 7636) strengthens this flow against CSRF attacks and authorization code interception.
When to use:
- Suitable for applications interacting on behalf of users (e.g., web apps, mobile apps).
2. Client Credentials Flow
The Client Credentials Flow allows applications to obtain an access token directly, without user interaction. This flow is intended for machine-to-machine (M2M) applications like backend services, daemons, or command-line interfaces (CLIs). In this scenario, the system authenticates and authorizes the application itself rather than a user.
When to use:
- Ideal for backend integrations, automated scripts, or services.
Updated 19 days ago
Refer to the individual flow guides. Each guide contains step-by-step instructions and request examples to obtain and use your access token effectively.