OAuthTokenResource Resource

An OAuth 2.0 token endpoint for the client credentials grant.

POST /public/v1/auth

Request an access token using credentials for a registered client. The client's credentials consist of an ID (or "key") and a secret. The credentials may be included in the request in one of two ways:

  1. as HTTP Basic authentication credentials in the "Authorization" header;
  2. or as client_id and client_secret form parameters.
Only one of these two methods should be used. See RFC 6749 Section 2.3.1 for more details about the client authentication request.

Request Parameters
name type description default
client_id form the client ID (only if not using HTTP Basic authentication)
client_secret form the client secret (only if not using HTTP Basic authentication)
grant_type form the authorization grant type (must be "client_credentials")  
scope form the scope of the access request  
Authorization header HTTP Basic authentication credentials
Response Codes
code condition
200 if the credentials are valid
400 if the request is not valid in some way (the response body will have details about the specific error)
Response Body
media type data type description
application/json AccessTokenResponse (JSON) the access token


POST /public/v1/auth
Accept: application/json

HTTP/1.1 200 OK
Content-Type: application/json

  "access_token" : "...",
  "token_type" : "bearer",
  "expires_in" : 3600,
  "scope" : ""