Client Credentials Flow
How to generate access token for single user applications?
Client credentials grant
Recommended practice
While you can generate an access token from the portal the same way you did for test applications, it is not feasible to rotate the token manually as each access token is valid for 30 days. We highly recommend that you implement the token generation and refresh logic via code for any live production integration.
-
Once you have a live app created, navigate to the Authentication tab.
-
You'll find your
client_id
andclient_secret
in the Oauth credentials section. -
Make the following request with the following values in the request body as JSON to obtain an
access_token
.
Request
POST https://auth.signeasy.com/oauth/token
curl --location --request POST 'https://auth.signeasy.com/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_id": "<YOUR_CLIENT_ID>",
"client_secret": "<YOUR_CLIENT_SECRET>",
"audience": "https://api-ext.signeasy.com/",
"grant_type": "client_credentials"
}'
Parameter | Type | Description |
---|---|---|
client_id | string | Required. The client ID you received when you created your app. |
client_secret | string | Required. The client secret you received when you created your app. |
audience | string | Required. The unique identifier of the audience for an issued token, identified within a JSON Web Token as the aud claim. The audience value is always https://api-ext.signeasy.com/ for client credentials grant flow. |
grant_type | string | Required. The value for client credentials grant should be client_credentials . |
Response
{
"access_token": "eyJhbGciOiJSU...dssJg",
"scope": "rs:read rs:update",
"expires_in": 2592000,
"token_type": "Bearer"
}
How to use the access token in an HTTP request?
This access_token` allows you to make requests to the API on a behalf of a user. You should include this access token in the Authorization header.
Authorization: Bearer ACCESS-TOKEN
curl -X GET -H "Authorization: Bearer <Access Token>" https://api.signeasy.com/v3/me
Refreshing a live access token
Every access token generated via client credentials flow has an expiry of 30 days, and it is recommended that you handle this expiry in your code implementation for automatic token renewal as well. To generate a new access token, follow the same step above that you used to obtain a new token.
Updated almost 2 years ago