Skip to content

Exchange client credentials for access token

POST
/oauth2/token
curl --request POST \
--url https://example.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=my-service-account \
--data client_secret=secret-value \
--data grant_type=client_credentials

Authenticates a service account using OAuth2 client credentials grant and returns a JWT access token valid for 1 hour.

Media typeapplication/x-www-form-urlencoded
object
client_id
required

Service account ID

string
Example
my-service-account
client_secret
required

Service account secret

string
Example
secret-value
grant_type
required

OAuth2 grant type (only ‘client_credentials’ supported)

string
Allowed values: client_credentials
Example
client_credentials

Authentication successful

Media typeapplication/json
object
access_token
required

JWT access token

string
expires_in
required

Token validity in seconds

number
token_type
required

Token type

string
Allowed values: Bearer
Example
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"token_type": "Bearer"
}

Unsupported grant type

Media typeapplication/json
object
error
required

Error message

string
Example
{
"error": "invalid_client"
}

Invalid client credentials

Media typeapplication/json
object
error
required

Error message

string
Example
{
"error": "invalid_client"
}