Client Credentials Flow

How to generate access token for single user applications?

Client credentials grant


Recommended practice

While you can generate an access token from the portal the same way you did for test applications, it is not feasible to rotate the token manually as each access token is valid for 30 days. We highly recommend that you implement the token generation and refresh logic via code for any live production integration.

  1. Once you have a live app created, navigate to the Authentication tab.

  2. You'll find your client_id and client_secret in the Oauth credentials section.

  3. Make the following request with the following values in the request body as JSON to obtain an access_token.


curl --location --request POST '' \
--header 'Content-Type: application/json' \
--data-raw '{
    "client_id": "<YOUR_CLIENT_ID>",
    "client_secret": "<YOUR_CLIENT_SECRET>",
    "audience": "",
    "grant_type": "client_credentials"
client_idstringRequired. The client ID you received when you created your app.
client_secretstringRequired. The client secret you received when you created your app.
audiencestringRequired. The unique identifier of the audience for an issued token, identified within a JSON Web Token as the aud claim. The audience value is always for client credentials grant flow.
grant_typestringRequired. The value for client credentials grant should be client_credentials.


    "access_token": "eyJhbGciOiJSU...dssJg",
    "scope": "rs:read rs:update",
    "expires_in": 2592000,
    "token_type": "Bearer"

How to use the access token in an HTTP request?

This access_token` allows you to make requests to the API on a behalf of a user. You should include this access token in the Authorization header.

Authorization: Bearer ACCESS-TOKEN

curl -X GET -H "Authorization: Bearer <Access Token>"

Refreshing a live access token

Every access token generated via client credentials flow has an expiry of 30 days, and it is recommended that you handle this expiry in your code implementation for automatic token renewal as well. To generate a new access token, follow the same step above that you used to obtain a new token.