Client Credentials Grant Type

When to use: For non-interactive backend services or internal automation tasks.

Note:

You can specify the token expiry while generating access token. By default, it is 1 hour.

Sample code

curl --location 'https://<idcs_domain>/oauth2/v1/token' --header "Authorization: Basic $encoded" --header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'scope=urn:opc:idm:my-custom-scope%20urn:opc:resource:expiry=3600'

Sample code with mTLS enabled

curl --location 'https://<idcs_domain>/oauth2/v1/token' --cacert ./ca.crt --cert ./client.crt --key ./client.key --header "Authorization: Basic $encoded" --header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'scope=urn:opc:idm:my-custom-scope%20urn:opc:resource:expiry=3600'

Sample response

{ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...", "token_type": "Bearer", "expires_in": 3600, }

For more details, see Client Credentials Grant Type