Client credentials can be used when the authorization scope is limited to the protected resources belonging to the client. Client credentials are used as an authorization grant when the client requests access to protected resources based on an authorization previously arranged with the authorization server. The client application requests an access token from the authorization server, authenticating the request with its client key and client secret. If the client is successfully authenticated, an access token is returned.
Invoking the Token API to generate the tokens
- Get Obtain a valid consumer key and consumer secret pair. Initially, you generate these keys through the API Store by clicking the clicking Generate Keys button on the Production on the Production Keys tab of the application.
- Combine the consumer key and consumer secret keys in the format
consumer-key:consumer-secretand encode the combined string using base64 ( http://base64encode.org ). Use the following sample cuRL command to obtain the access token.
Code Block curl -k -d "grant_type=client_credentials" -H "Authorization: Basic <Base64 encoded client_key:client_secret>, Content-Type: application/x-www-form-urlencoded" https://localhost:port/token
You receive a response similar to the following.:
Code Block {"token_type":"Bearer","expires_in":2061,"access_token":"ca19a540f544777860e44e75f605d927"}Note Note that for users to be counted in the Registered Users for Application statistics which takes the number of users shared each of the Application, they should have to generate access tokens using Password Grant type.